Search engine listings littered with dangerous malware

Millions of sites play host to malware, whether intentionally or otherwise

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

There are currently an estimated 4.1 million websites infected withmalwareworldwide.

This is the conclusion of a new report from certificate lifecycle management (CLM) provider Sectigo, based on an analysis of more than 14 million websites conducted by its website protection and monitoringarm, SiteLock.

What’s worse, almost all of these infected websites (93%) are not blacklisted and therefore appear in public search engine listings. The most prevalent malware variants are Filehacker, which is found in more than a third of infected websites, and Backdoor (31%).

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time. Thank you for taking part.

Click here to start the survey in a new window«

Bot traffic

To infect many millions of websites is an impressive feat. So, how do threat actors do it?

Sectigo believes the majority automate their attacks; bots in 2021 accounted for 5.5 times more traffic than humans, amounting to more than 2,300 weekly average bot visits per site. At the same time, the volume of human traffic decreased.

While not all bot traffic is malicious, the part that is causes plenty of headache all around.

Bot traffic fueling rise of fake news and cybercrime>Bot traffic reached a new high in 2020>‘Bad bots’ make up a huge amount of all internet traffic

“Malicious bots can programmatically visit websites and identify vulnerabilities in code to execute their attacks, such as stealing data or inserting malware,” said Jason Soroko, CTO of PKI at Sectigo.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The public internet is a very dangerous place and is increasingly getting worse. Don’t commit the fallacy of the underdog, SMB websites have enormous value to bad actors because they have customer data and can be used for phishing attacks. It’s not just about fraud, either. If websites handle payments, they’re obvious targets, too. Thecontent management systemplatforms SMBs rely on may not protect against these threats. In fact, they are inherently difficult to secure.”

In total,endpointsare attacked 172 times per day, meaning they receive eight attacks every minute. Nearly half (48%) of SMB website owners believe they are too small to target. At the same time, more than half of them have already been breached.

Given the broad range of threats, businesses require a comprehensivesecurity solution, Sectigo concluded.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time