20 to 25 percent of the internet is compromised. Malware exist in computers of around 40% of the customers (The Dark Reading). Where does this leave an average website in terms of threat exposure?

These are not just some random figures collected to skew importance of security. These are concrete facts that underline repeated security failure to trace and prevent such worms, viruses, and bots that disrupt business for thousands of companies globally.

Imagine this. The total number of malware has grown close to 400, 000, 000 in numbers this year, out of which 80, 000, 000 have been recently discovered.

30-Year Malware Graph

12-Month Malware Graph

What is Malware?

Malware, widely used as short for ‘malicious software’, is a broad category that includes multiple types of intrusive software. Common system viruses, worms, Trojan, adware, spyware, ransomware, and other similar programs can be termed malware. Quite obviously, they are used across the range of computing devices to weaken their core strength and steal information or corrupt something.

With the rise of web applications in almost every sector to execute key functions and processes, malware also crept into the domain posing threat to sensitive information and online financial transactions.

Stuxnet was probably one of the most critical findings in the area. It was a 500kb worm that could replicate itself and compromise logic controllers?  In simpler words, it allegedly helped destroy expensive uranium at 14 Iranian industrial sites in 2010.

Similarly, Regin was also one of the most talked-about malware last year. The sophistication of its construction aimed at long-term surveillance makes clear indications to the fact that it has been developed on country funds. Its customizable form makes Regin even more complex and necessary to deal with. However, there were not the only risks that countries have faced. Across the timeline, there have been some other interesting malware including Duqu, Gauss and Wiper that have repeatedly called for security mechanism strong enough to withhold such attacks.

You can read about many of such malware and their effects in ‘State Funded Cyber Weapons’.

Website Malware Threat to Your Website

A website is only as secure as the applications it is using to deliver its services and content. If a malicious software were to gain control of such applications, it can easily make changes in the content and even access the backend server to gain whatever it requires. A hacker or bot only needs a way to execute malicious script into the application through an existing weakness such as SQL injection.

Even if the website and its applications are regularly tested for malware traces, there is no guarantee that all the online communications of the apps with customers will be free from them. According to Indusface CTO Mr. Venkatesh Sundar “If the end user is compromised, there is every chance of website getting breaches.”

He adds that the complexity of modern day apps adds to the risks of bypassing security measures during the process of transactions. In fact, many hackers couple malware with social engineering research to assume admin control in between click-through pages.

Risks of malware-affected web applications:

  • Data breaches that let hackers snoop into the backend and steal sensitive information
  • Blacklisting from major search engines and website indexes for malicious content
  • Server crashing
  • Distributed denial of services by engaging server and making the website unavailable to genuine traffic 
  • Loss of traffic and business reputation as customers get infected with the worms
  • Partial or complete control over physical devices, like Stuxnet    

Endless Malware Detection and Protection Cycles

Now that we have established that malware risks are constant and can affect users or applications at anytime, how do we prevent them or at least minimize the risks? Is it enough to run malware tests occasionally?

The answers lies in proactive web application scanning and firewall that never goes down, not even for a second. IndusGuard Total Application Security solution combines the benefits of detecting malware continuously and sending notifications through on-demand or daily reports. It even comes with managed web application firewall blocks malware installation attempts on web applications and monitors traffic data to get insights on attack attempts and malware signatures.

The idea behind Total Application Security is to identify threats of all kinds, not just malware, and then to protect applications against exploitation attempts. A larger part of the process is to get into the psyche of hackers and bot behavior in order to improve detection of vulnerabilities in the application structure and moving on to improving protection, which again powers the whole cycle.

Do you suspect malware on your website? Get a detailed report with Indusface Free TrialIndusface Free Trial.

Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in security industry and had held various mgmt/leadership roles in Product Development, Professional Services and Sales @Entrust.