500 websites at hosting companies are compromised each day: report

More than doubling the figure from a year ago

Cyber-criminals are compromising websites at hosting companies at an increasingly furious rate, exploiting them to host dangerous content and to send spam via compromised accounts, according to messaging security firm Cloudmark in its threat report.

There are now about 500 websites compromised each day, as opposed to fewer than 200 each day last year, with several days in May of this year showing an upward spike of over 1,600 new hacked websites each day, according to Cloudmark. The company's analysis is based on the spam filtering it does for about 2 billion mailboxes worldwide.

Research analyst Andrew Conway says Cloudmark believes more than 2,500 hosting companies have hacked domains, with the largest of them having more than a thousand each. In the U.S., the hosting company with the most hacked domains is SoftLayer, now owned by IBM, with more than 6,500 compromised websites currently, he says. In Europe, it's OVH, with more than 3,200 hacked domains.

"This is simply a measure of the fact that these are the largest hosting providers," Conway says. "Any large hosting provider is likely to have dozens or hundreds of hacked domains."


Cyber-criminals use the websites they break into to post content such as porn and malware, drawing in anyone who receives a spam message they send with a link to the compromised website. Sometimes the compromised website is just a place to post a URL redirection that leads to the spammer's landing page.

Breaking into websites at hosting facilities is often fairly easy, according to Cloudmark. "Spammers do not need root access to the account in order to take advantage of it. All they need is a PHP shell, and they exploit a number of different vulnerabilities in order to obtain this access," the report notes.

By far the most common attack technique now is a SQL injection attack in Joomla 1.5, which allows a reset of the admin password, Cloudmark says. "This bug was patched in 2008, but many web sites have not updated their Joomla version since then."

Joomla is a free open-source content management system. Conway says the problem is that this old vulnerability in Joomla 1.5 is a tad awkward to patch. The other major content-management system, WordPress, is usually simpler to update, he adds.

The question of who is responsible for patching may not be clear when a business, school or church sets up a website at a web-hosting provider, often with help from a consultant, Conway points out. There may be resellers in the mix as well.

The number of compromised websites today is so high that hacked hosting accounts have become a commodity sold in the cyber-criminal underground, says Conway. According to Cloudmark's estimate, 60% of hacked domains are still under the control of spammers one month after compromise. Cloudmark says it can provide hosting companies with a list of compromised domains on their servers for remediation purposes.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com
