Attacks on websites belonging to small and medium-size businesses nearly tripled year over year in the second quarter of 2017, from a daily average of 22 per day in the same quarter last year to 63 per day. Automated bots delivered 85% of the attacks.
The numbers pencil out to about 23,000 attacks against the websites in the second quarter. More than 1.71 billion records were compromised in the first six months of this year, and the total is on a pace to surpass the 1.37 billion compromised records in all of 2016.
The data were reported by website security firm SiteLock in the company’s “Website Security Insider” for the second quarter of this year. The report includes proprietary data from more than 6 million websites.
Malware attacks during the quarter focused on deception and persistence without leaving a visible trace. These attacks tend to infect more of a user’s files than do other types of attacks and left an average of 1,967 infected files on a website. Spam attacks accounted for 62% of malware attacks, while backdoor attacks accounted for 23% and malicious redirects accounted for 8%.
SiteLock WordPress evangelist Logan Kipp said:
Only eight percent of the total infected website sites in the SiteLock study contained spam. Even so, spam accounted for 62% of all the infected files that SiteLock discovered. This means that spam infections are characteristically much more disruptive in terms of their scope of impact with regard to file structure. For example, your average infected website may only have a handful of files directly impacted by malware, but spam infections may create hundreds or thousands of files and directories, making them one of the noisier infection types.
The full report is available from SiteLock.