Do you know that . . .
- 44% of web traffic is from humans
- 56% of web traffic is from bots, impersonators, hacking tools, scrapers and spammers
- About 37,000 websites are hacked every day
In early April 2013, millions of websites around the world that use WordPress were attacked by hackers. The hackers used over 90,000 compromised computers to attack millions of websites. These hackers were taking advantage of the fact that many people do not take basic security precautions for their websites. The hackers were looking for easy targets … the “low hanging fruit.”
The hackers used a brute-force attack to try to log in to each WordPress site with the username ‘admin’, guessing the password from common (very insecure) passwords such as ‘admin’, ‘password’, ‘123456’, ‘222222’ or ‘qwerty’. A large network of compromised computers and servers, which they had already hacked, was used to create a massive attack on other websites. These computers were used in an automated fashion to attempt to log in to the WordPress sites. Once logged in, the hacker has control over the website, which can then be used to launch further attacks. It is very likely that many of these website owners are unaware that their websites have even been hacked.
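Login guessing of this kind leaves a trace in the web server's access log, and because the guesses come from many computers, counting attempts per IP address alone can miss it. The Python sketch below is an added example, not part of the original post: it assumes Combined Log Format and stock WordPress behaviour (a failed login returns 200, a successful one redirects with 302), and the thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def failed_logins(lines):
    """Yield (ip, minute) for each POST to wp-login.php answered with 200.
    Assumption: stock WordPress redisplays the form (200) on a failed login
    and redirects (302) on success; plugins can change this."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if (method == "POST" and status == "200"
                and path.split("?")[0].endswith("/wp-login.php")):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, when.replace(second=0)

def detect(lines, per_ip=5, site_wide=10, min_sources=5):
    """Return (noisy_ips, distributed_minutes). Thresholds are illustrative."""
    by_ip, by_minute = Counter(), defaultdict(list)
    for ip, minute in failed_logins(lines):
        by_ip[ip] += 1
        by_minute[minute].append(ip)
    # One source guessing repeatedly: the classic per-IP lockout case.
    noisy = sorted(ip for ip, n in by_ip.items() if n >= per_ip)
    # Many sources, one guess each: invisible per IP, obvious site-wide.
    distributed = sorted(
        minute.isoformat() for minute, ips in by_minute.items()
        if len(ips) >= site_wide and len(set(ips)) >= min_sources)
    return noisy, distributed

def sample_log():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    row = '{} - - [10/Apr/2013:{} +0000] "{} /wp-login.php HTTP/1.1" {} 1234 "-" "-"'
    lines = [row.format(f"203.0.113.{i + 1}", f"03:15:{i:02d}", "POST", 200)
             for i in range(12)]                      # 12 bots, one guess each
    lines += [row.format("198.51.100.7", f"04:{i:02d}:00", "POST", 200)
              for i in range(6)]                      # one host, six guesses
    lines.append(row.format("192.0.2.10", "05:00:00", "GET", 200))   # form view
    lines.append(row.format("192.0.2.10", "05:00:09", "POST", 302))  # real login
    return lines

if __name__ == "__main__":
    print(detect(sample_log()))
```

On the sample, the single noisy host is caught by the per-IP count, while the twelve one-guess sources are only visible through the site-wide count for that minute.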
If you think that your website is too insignificant to be noticed by hackers, think again: your site might be the ideal target for hacking.
Below are 8 common reasons why anyone would hack a website.
Stealing User Information
Information is valuable, and information such as usernames, emails and passwords can be sold. When information is stolen from a website, it can be used to attack another website. For example, a user of Amazon or PayPal may be using the same login and password as the ones stolen from your company website, and your company can be sued for such damages. When your website is hacked, hackers can replace the login page or payment page with an identical one hosted by the hackers, so that unsuspecting users give their financial and login details directly to the hackers.
A hacking technique that is becoming popular and lucrative among hackers is the “drive-by download”, which usually has 5 stages of web attack. This is a malware delivery technique that is triggered simply by visiting a website that is legitimate or trusted. The malware could be hidden code within the website’s content, banners or advertisements. Hackers have become more advanced and sophisticated over recent years, so the simple act of visiting a site is enough to get your computer infected or your personal details stolen.
Hosting Illegal/Objectionable Content
A website with illegal or objectionable content will have difficulty finding a hosting company, or will have to pay for an expensive hosting plan, so many will attempt to use other people’s websites to host the content instead.
One of the most common motives is to distribute illegal content, such as pirated software or anything of that kind, without being noticed. When these activities are discovered, the innocent website owner is likely to face legal implications, the loss of credibility or worse, while the hacker remains untouchable.
Search Engine Optimisation (+affiliate commissions)
Search engines are one of the most effective ways to get website visitors. Hackers can use your website to boost the SEO (Search Engine Optimisation) of other sites and also to make money by adding links that earn affiliate commission. Hackers often piggyback on a legitimate website’s reputation to promote their own interests.
Once a hacker has successfully hacked the website, the hacker can place links on it that lead to malicious sites, which seek to harm the visitors’ computers and/or sell some fraudulent product or service. These links may be hidden and not intended for people to click on, because they are purposely placed to be visible to the search engines, to help the destination websites move up the search rankings. Unscrupulous internet marketers find it cheaper to buy space on hacked websites from shady operators than to spend the effort and money building up their products.
Search engines will often penalize the owners of these hacked sites for spamming their database, which will also have a negative impact on the business.
Spam Mail Server
There is an increase in spam e-mail and spam domains that not only sell illicit products, but attempt to download malware and infect the visitor’s PC.
A hacker who hacks your website for spamming may not personally send out spam; instead, the access details for your website can be sold to spammers. Once your website has been hacked, hackers can use your mail server to send out spam and commit online fraud, making you a perfect scapegoat for their illegal activities.
Hackers cannot purchase a legitimate hosting account solely for sending out spam, because the account will be deleted by the hosting service provider once it is discovered, so they target poorly guarded websites. Spamming can take up huge bandwidth or load on a shared server, which will eventually slow down all websites hosted on that server and degrade the hosting service. When 20,000 SPAM emails are sent out from a server, that website address will be blacklisted. Once the IPs of the hosting service provider are blacklisted, most users on the server will not be able to send or receive emails.
Spreading Malware (eg Trojans, Viruses, and other bad stuff)
Your website can be used by hackers to infect people’s computers with malware or viruses. Once your website has been hacked, hackers will hide dangerous files on it, because they need to cover their tracks and obviously cannot use their own servers, which could easily be traced back to them. Therefore, they will hack a website to upload their malware. When the hackers send out their spam, most likely using a hacked website, unsuspecting people may actually be downloading the malicious files from your website.
In December 2015, a Canadian hospital website was hacked to serve a ransomware virus. Ransomware is a deadly virus that locks or encrypts the files on a computer and renders them unusable until the victim pays a “ransom” to unlock the infected files. The hospital web portal was powered by the Joomla CMS, running version 2.5.6 (the latest version is 3.6.2 as at 19th August 2016) according to a manifest file present on their server. Several vulnerabilities exist for this outdated installation, which could explain why the site was hacked.
Innocent visitors who visited the hospital website with weak or no anti-virus protection, or with outdated anti-virus software, were automatically infected with the deadly virus. Yes, it is impossible to recover your infected files, because they are encrypted and decrypting them with decryption tools would take years using a very powerful computer. Don’t hope that your infected files will be decrypted after paying the ransom, and don’t expect integrity from these people, because you are dealing with criminals who may not honor their word. Usually, you will be required to give the ransomer the infected files to be decrypted. It is like giving your safety box full of diamonds to a criminal who has the key to open it. So you can imagine what happens when you hand over infected files with important and sensitive content.
To Use The Site For Other Attacks
Your website can become part of a botnet (a large network of compromised computers), which hackers can use to launch attacks on other sites. A hacker can use a botnet to perform a wide variety of attacks, including spreading malware and, most commonly, DDoS (Distributed Denial-of-Service) attacks. Using a botnet makes it harder for the authorities to trace who is doing the hacking and also makes it harder to stop.
If the hacker’s intention is to attack a high-profile site, perhaps to flood it with requests in the hope of bringing the site down, the hacker will look for a distributed network of servers to do this from. Your website could be used as just one of those servers.
All botnets have common purposes: to collect personal information, to commit fraud, to leverage fear and panic by deploying ransomware, to flood the internet with spam, to widen the botnet by spreading viruses far and wide, and to perform DDoS attacks on various websites in an attempt to bring them down.
In April 2008, the Kraken botnet was created and soon became the world’s largest botnet, infecting 50 of the Fortune 500 companies and growing beyond 400K bots. It was estimated to send out over 9 billion spam messages per day. It was designed to evade and hide from conventional antiviral techniques and software. In recent years, such botnets have been used in attacks against financial institutions as well as government websites and systems.
Hacktivism is the act of hacking a website or computer network in an effort to convey a social or political message. The person who carries out the act of hacktivism is known as a hacktivist. These hacktivists are the politically motivated cyber criminals of the world. Like other activists, hacktivists have their own political agenda and often pursue activities that expose (real or perceived) wrongdoing, or exact revenge on an entity or organization prominent in the mainstream news.
Hacktivists usually have 3 goals: 1) exposing information, 2) changing or defacing information, or 3) denying access to services. So far, the hacktivists’ preferred methods of attack include off-the-shelf tools and toolkits, as well as DDoS attacks. Unlike other hacker types, hacktivists usually lack the financial support for more advanced and costly methods of attack. They tend to be reactionary, with set deadlines. The true talent of the hacktivists lies in coordinating and communicating within their organization, proving more powerful and effective as a collective than as individuals. There have not been many reported incidents of the higher-level members of hacktivist organizations being caught or prosecuted for their crimes; those that have been caught are usually less-experienced teenagers or college students.
In the 2013 Singapore cyberattacks, a number of websites, including government websites, were hacked by the hacktivist organisation Anonymous, represented by a member known by the online handle “The Messiah”. The hacktivist threatened to unleash cyber attacks against the Singapore government for restricting Internet freedom with its new Internet licensing framework, which was announced in mid-2013.
There are people out there who attack websites out of sheer boredom and amusement. Most of the time these hackers are computer-savvy teens with nothing else to do. Often these young hackers want to explore and learn about hacking, or may just want some attention. They will deface your site so that they can brag to their friends and claim credit. To them it may just be another trophy won in a game. While this may or may not be dangerous, such incidents can certainly be embarrassing for you and potentially costly for your business.
Early this year (2016), an 18-year-old Information Technology (IT) student, Bikash Poudel, who was arrested by the Nepal Police on Sunday on the charge of hacking government websites, claimed that he hacked the sites ‘just for fun’. He is suspected to be the leader of the hacktivist group “Anonymous #opnep”. Paudel was found to have hacked websites including those of the National Tuberculosis Center, Small and Cottage Industry, and Dairy Development Corporation, among others.
Insecure websites are economically valuable. Weak passwords, outdated web platforms and plugins, etc., provide ways for the hacker to use your computing resources to make money. The costs of breaking in are less than the revenues they can make, so hacking is a profitable activity.
Here are 3 basic steps you can take to minimize the risk of your website being hacked and your computer being infected with malware or viruses. The risk is never zero. You would rather have some protection, at least the basics, which will not cost you an arm or a leg, than have no protection and regret it when your website is hacked.
- Back up your website frequently. Without a regular backup, you are really in for a hard time getting back to where you once were when you lose your website content.
- A good defense or firewall for your website, for example Wordfence for a WordPress website.
- Good anti-virus software for your computer. This will protect your computer from malware when surfing the internet. The usual software I recommend or install for my customers is Kaspersky Internet Security.
Watch out for my next post on how to protect your WordPress website and I will be giving free tips on some free plugins which you can install for your website protection.