47% Of All Hacked Websites Contained At Least One Backdoor
Whether the hacked website is owned by a huge corporation, a small local business, or even an individual recreational blogger, it won’t take the victim long to find out about the hack. From Google’s “site may be hacked” warning to distressed calls and emails from customers, word that the website has faced a cyber attack will spread like wildfire.
The website manager will then promptly take steps to remediate the problem and render the site secure again. This process may turn out to be a nightmare, but once it’s over, you can breathe a sigh of relief — right?
Not quite.
However little effort hackers tend to put into gaining access to individual websites, cyber criminals go to great lengths to hold onto access they’ve already established. An in-depth Sucuri report from 2019 found that 47 percent of hacked websites contained at least one backdoor: a vulnerability that allows attackers to easily get back into the website while completely bypassing regular login mechanisms.
The most common types of backdoors currently used are:
- Uploaders, code that allows hackers to upload diverse types of malicious files
- Remote code execution backdoors, pieces of malware that allow hackers to easily gain control of the website again
- Webshells, which likewise allow malicious actors to gain control of the website’s filesystem
Nearly half of websites that were hacked once are, then, extremely vulnerable to reinfection. Not only can the original attacker find their way back in to wreak havoc once again, but opportunistic “scavenging hackers” also scour the web in search of websites that have already been corrupted. These opportunists are akin to burglars in search of an easy target: they may not come in through the front door, but leaving a kitchen window open will be taken as an open invitation to commit theft.
It is important to mention, meanwhile, that not all backdoors are created by hackers. Developers and penetration testers, too, may purposely create backdoors for their own use — something that can also leave a website vulnerable.