WordPress accounts for 90% of compromised CMS sites
Approximately 90% of all Content Management Systems (CMS) that Sucuri studied and helped fix in 2018 were WordPress sites..
In second, third and fourth place with a large gap are Magento (4.6 percent), Joomla (4.3 percent) and Drupal (3.7 percent); this is the relationship published by the company.
Sucuri experts identified that most of the hacks were related to vulnerabilities in plugins and templates, misconfiguration issues, and lack of maintenance by webmasters, who often forgot to update CMS, themes, and plugins.
Experts said that Only 56% of the sites examined were using an up-to-date CMS when he was called to deal with an attack.
E-COMMERCE SITES ARE OFTEN NOT UPDATED
But while 90 percent of all compromised sites were built on the WordPress platform, most of them were running updated versions. Sucuri said that only 36 percent of the compromised WordPress sites the company investigated were running an outdated version. So Sucuri is implying that WordPress's "weaknesses" do not stem exclusively from an update problem.
On the other hand, CMS such as PrestaShop, OpenCart, Joomla, and Magento were almost always running on an outdated version at the time the hack was discovered. 
"Questa tendenza ad aggiornare meno le versioni obsolete, spinge a pensare che i siti di e-commerce tendono ad essere aggiornati con meno frequenza per evitare di creare problemi di funzionalità e quindi non incassare denaro", ha detto Sucuri.
"Gli aggressori hanno un grande interesse a compromettere i siti di e-commerce poiché contengono i preziosi dati dei clienti (ad esempio, carte di credito e informazioni sugli utenti). È fondamentale che i proprietari dei siti Web aggiornino i loro software per garantire che i loro siti abbiano gli ultimi aggiornamenti di sicurezza e patch di vulnerabilità".
Tuttavia, nonostante alcuni siti abbiano versioni CMS obsolete, "la principale causa di infezioni derivava dalle vulnerabilità dei componenti", ha affermato Sucuri.
SEO SPAM IS ON THE INCREASE
Sucuri confirms that 68% of all compromised sites it investigated had at least one backdoor.
The Sucuri team says that hackers used approximately 56% of the compromised sites to host various malware (for other operations) and placed SEO spam pages on 51% of the compromised sites, a number that has increased over the past year, from 44% in 2017.
Il SEO spam è una delle famiglie in più rapida crescita negli anni precedenti", ha detto Sucuri."They are difficult to detect and have a significant economic impact on impression marketing.
Most often, as a result of Search Engine Poisoning (SEP) attacks, perpetrators attempt to capitalize on site rankings and rankings to monetize through affiliate marketing or other blackhat tactics. SEO spam is typically achieved through PHP code attacks, database injections (SQL injections), or .htaccess redirects.
"I siti web interessati dagli attacchi SEO sono spesso infettati da contenuti spam o reindirizzano i visitatori a pagine specifiche di spam. Il contenuto indesiderato appare sotto forma di annunci pubblicitari farmaceutici, ma può includere anche contenuti iniettati relativi ad altri settori come la moda, telefonia o l'intrattenimento (ad es. materiale, saggistica, marchi di moda, prestiti e gioco d'azzardo online). "
Source: zdnet.com
