vector - screwdriver over a toolbox

Most site owners assume that if their website was targeted by hackers there would be no interesting data to steal such as credit card details, and believe hacking it would be a worthless exercise.

Unfortunately, they’d be wrong, as aside from data compromised site visitors can be monetized in various malicious ways.

The web server can be used to run malicious software and host content and the reputation of the domain name and IP address can be leveraged.

Wordfence recently ran a survey asking people who reported their site being compromised what the hackers did to their site.
The below results were published:


Results from Wordfence 

 

The results clearly show that there are quite a variety of things the attackers are doing with the compromised sites:

  • Defaced site/took offline 
    • The hackers may replace your site with their own content, often political terrorist groups, this gives them free advertising for their cause.
    • Or hackers may simply want to brag that they hacked your site seeking recognition, or simply remove it/destroy it and take it offline.
  • Send spam
    • Spam email is a huge issue, and sometimes the site owner may not be aware of it going on for some time.
    • It can result in the site owner getting blacklisted for spam ad could damage the reputation of the business.
    • Ultimately, the hacker gets to use the resources you are paying for, for free and are trying to get people to click on malicious websites.
  • SEO Spam
    • Hackers are able to divert traffic from your website (by hiding links throughout) to their own to improve their search engine rankings.
  • Malicious redirect
    • Attackers redirect traffic to malicious websites either by using links or adverts, or by diverting all traffic directly.
  • Host phishing page
    • Phishing is attempting to fool the visitor into providing sensitive information, for example credit card numbers or password details.
    • Hackers are looking to use credit card details or even to steal a person’s identity.
  • Distribute malware
    • Attackers can install malware that in turn installs malware on your website visitors computers without their knowledge.
    • This could not only damage your reputation if your visitors are affected, but if google detects what is happening they will flag your site via their safe browsing program, which will cause your SEO traffic to drop significantly.
    • The hackers benefit from this by getting access to steal information, or simply do it to wreak havoc!
  • Steal User data
    • From the above results this was a surprisingly low number that reported data being stolen.
    • Wordfence suggest this may be due to WordPress sites not storing sensitive data beyond user credentials and maybe email addresses OR it could be that it’s very difficult for the site owner to detect if data theft has occurred and therefore the numbers may be understated.
    • Attackers would be looking to steal email addresses to use for spamming, credit card details for obvious reasons and username/passwords in hope that the user is repeating use of passwords and therefore gain entry to other information.
  • Attack site
    • This seems fairly rare based on the above research, however in some cases an attacker will use your website as a platform to launch attacks on other websites.
    • This allows the hacker to use your server free of charge; get past their targets defences by using your domain and IP address and could ultimately ruin your reputation.
  • Ransomware
    • This is a malicious software that blocks your website and demands you pay a ransom for having access restored.
    • If you don’t have backups that you have kept safe from the hacker, then you may decide that the ransom is worth paying, hence the attacker profits.
  • Host malicious content
    • The hacker quietly stores their files free of charge on your server with a domain and IP address that have a clean reputation!
  • Referrer spam
    • Referrer spam is bot traffic to your site set up to look like it’s coming from a fake referrer.
    • The spammer is trying to get the site owner to check out where the traffic is coming from, driving traffic to the site!
    • Their goal is to drive traffic to their websites for reasons that often turn out to be malicious.

So if you thought your site would not be of interest to hackers, then you may have changed your mind after reading the above.

If you want to discuss how to improve your websites security contact Showcase now.