4.1 million websites infected with malware worldwide

Research released today by Sectigo has revealed that 4.1 million websites globally are currently infected with malware, with cyber attacks of all kinds on the rise

According to the study, bot traffic accounted for 5.5 times more than human traffic in 2021, compared to 2020, with 2,306 weekly average bot visits per site being made.

Alongside this, the volume of human traffic decreased, indicating that malicious actors are increasingly using bots to scale their attacks and target unaware owners of small and medium-sized business (SMB) website owners.

This lack of awareness is demonstrated in the finding that nearly half (48%) of SMB website owners believe they are too small to target, even though half of them have been breached.

Despite rising threats, 93% of websites infected with malware were not blacklisted, meaning there are many blind spots being missed not only by businesses, but also search engines such as Google.

In addition, WordPress sites were found to be 39 times more vulnerable than non-Content Management System (CMS) sites, with plugins proving a major factor — for every five plugins on a website, the risk of an attack is nearly double, according to Sectigo’s research.

“While there are legitimate reasons for bots to visit a website like search engine crawlers and copyright scans, bots are also used for a variety of nefarious purposes,” said Jason Soroko, CTO of PKI at Sectigo.

“Malicious bots can programmatically visit websites and identify vulnerabilities in code to execute their attacks, such as stealing data or inserting malware.

“The public internet is a very dangerous place and is increasingly getting worse. Don’t commit the fallacy of the underdog — SMB websites have enormous value to bad actors because they have customer data and can be used for phishing attacks.

“It’s not just about fraud, either. If websites handle payments, they’re obvious targets, too. The content management system platforms SMBs rely on may not protect against these threats. In fact, they are inherently difficult to secure.”

The research from Sectigo was conducted by the company’s website security protection and monitoring subsidiary, SiteLock, and features analysis of over 14 million websites to determine the most prevalent cyber threats faced today.

The full ‘2022 SiteLock Annual Website Security Report’ can be found here.

Avatar photo

Aaron Hurst

Aaron Hurst is Information Age's senior reporter, providing news and features around the hottest trends across the tech industry.