- DDOS – distributed denial of service attacks engage networks of computers to bombard your server with requests
- Brute force attacks – where the attacker attempts to guess your login details usually using an automated system that can send hundreds if not thousands of requests very quickly
- Malware / spyware – where a piece of malicious code is inserted into your system which allows another person (or a program) to take over your computer
- Ransomware – where a small program activates on your computer, encrypting all your data requiring the payment of ransom before you are sent a key to unlock your own machine.
Despite the relative openness and transparency on the web, few people or firms openly talk about cyber attack. This means it is difficult to gauge just how widespread these cyber attacks actually are and whether we should be personally or professionally concerned about this phenomenon.
Now, each month, creator of the WordPress firewall plugin, WordFence, have begun producing a regular report on cyber attacks. This report collates attack information based on the plugin’s install base (WordPress powered websites and blogs all around the world). And while this is just a subset of websites and platforms that live on the internet, it provides a great insight into cyber attacks, including:
- The IP address from which the attack originated
- Country of origination
- Number of attacks launched
- Types of attacks.
Most of these originate from Iliad Enterprises. Iliad is a large organization with many subsidiaries and over 4000 employees. They tried to buy T-Mobile in the USA 2 years ago. The netblock for these IPs is registered to Iliad, but the attacks may originate from one of many subsidiaries of Iliad, like the ISP ‘Free’ in France.
- 63 million complex attacks – attempts to exploit weaknesses in your website code, plugins or database
- 67 million brute force attacks – attempts to guess your passwords and user IDs.
- Regularly patching your site – updating it with the latest changes
- Regularly updating your plugins – turn off the plugins and functionality that you don’t use, and update the ones you do.
- Complex user passwords – require that your users all have complex passwords that consist of upper and lower case characters, numbers and symbols and have a substantial length (more than 8 characters)
- Put in place a mechanism that blocks users after a small number of unsuccessful login attempts
- Add a web firewall to monitor and protect your code from unauthorised updates.
Why should you care?