The problem with hackers attacking websites is on a constant rise. Month-to-month we list tens of vulnerabilities found in popular plugins that developers use on their sites.
Most of these are being targeted by hackers. We monitor the sites we protect daily and see the number of attacks increasing every week.
The reason why hackers are hacking websites is still a mystery for a lot of people. So, in this article, you are going to learn why hackers hack websites.
If you are a web developer, agency, or freelancer who is responsible for websites, you probably have seen this issue. If you are a website owner or newbie on the field, a hacked site can come as a big surprise.
What is the main motivation behind the hacks?
It isn't you or your site specifically in most cases. Nor is it your business behind the site. Hackers are targeting the software that you use. Money is obviously the most common motivation behind the attacks.
When they are successful they can generate money.
How many websites get hacked every day?
The latest data has shown that about 50 000 sites get hacked every day. It may mean a lot of money for hackers, right.
How are hackers making money with hacked websites?
Even a small website can generate a substantial amount of money. Cybercriminals and web hackers can make money with your compromised website by distributing malware, SEO spam, and even set up e-mail spam servers and phishing sites.
SEO spam is a very common problem
If you dig deeper you see that there are actions that hackers take to make money. One of these is SEO spam.
What is SEO spam?
SEO spam is a type of spam. It is basically an action of injecting backlinks and spam to legitimate sites. It remains one of the most profiting and popular types of website attacks.
After the website is compromised, a malicious backdoor will be uploaded to the website which gives access to the attacker allowing him to invisibly redirect your visitors to their scam sites at any time they want.
Apart from generating money for the hacker, your website gets a penalty from search engines which will ruin your SEO.
"The scam has been traced back to organized crime syndicates operating in what is estimated to be a 431 billion dollar, and growing, market. Its scale, and the danger counterfeit drugs pose to the public health, prompted repeat action from FDA, Interpol, among others."
Hackers use malware
Malware is the worst-case scenario, but evil-minded web hackers can even use your website to infect visitors with ransomware.
What is the difference between malware and ransomware?
Malware is malicious software and it is a code that is made to disrupt, disable, or take control of your system. It is usually hidden or disguised as something else so that scanners won't find it. Ransomware is a specific type of malware.
When we perform malware removals we do it manually. The reason why we do it manually is that most scanners fail to find malware and if in the best-case scenario they do - there's still a backdoor that needs to be patched. The patch is critical, thus we have real security experts who perform the fix manually.
Ransomware is a specific type of malware. When a victim's data is encrypted and can only be decrypted with a key that is known to the attacker. So the attacker will hold your data and ask for ransom from you so that you could get your data back.
"It’s possible to have your operating system, browser, plugins, and applications exposed to exploits looking for vulnerabilities just by visiting an unsafe website. SophosLabs sees tens of thousands of new URLs every day containing drive-by downloads."
Between 2014 and 2016 over 100 000 WordPress and Joomla sites were redirecting visitors to Neutrino Exploit Kit, which tried to penetrate the browser on the visitors' computer and when being successful, infected the operating system with CryptXXX ransomware.
It’s also a billion-dollar market: read more here.
And it’s growing:
According to the latest volume of the Internet Security Threat Report:
$294 = Average amount of money demanded per person in 2015
$1,077 = Average amount of money demanded per person in 2016
$2,000 = Average amount of money demanded per person in 2017
$6,733 = Average amount of money demanded per person in 2018
$13,000 = Average amount of money demanded per person in 2019
When we talk about the year 2020 the data shows that ransomware demand costs could exceed $1.4 billion in the U.S. this year. The numbers are rising in a serious manner and should be alarming to every website owner. You don't want to pay $13 000 for your data, right?
Going back to malware, there are many other ways to make money with it. For example, hacked websites can be connected to a large botnet, which then can be used to provide a DDoS service to attack other sites and web services.
How to protect your websites from malware?
There are three most important things to remember when you want to keep your websites clean from malware. These three things are updates, firewall and secure passwords.
First of all - updates. Make sure you are always updated to the latest version if any of the new vulnerabilities come out. You can enable auto-updates for vulnerable plugins if you know you don't have the time to check the new vulnerabilities every day.
Secondly - install a web application firewall. And not any web application firewall please do your research on the technology. It's crucial to have a firewall that gets constant updates and vPatches.
Thirdly, use secure passwords or even passphrases. Enable 2-factor authentication on your sites and use ReCaptcha on your login and contact forms.
Vandalism with defacement
There is also a different type of hackers, who are doing ill-intentioned actions for fun. These hackers attacking websites are the deface web hackers, vandals, and script kiddies.
They are oftentimes kids who test their skills and love to show it off on hacking forums to compete with the fanciest defacement.
Luckily, these kinds of attacks are usually the easiest to detect and fix. You can find defaced websites from mirror sites, where defacers actively post their new victims.
How are hackers attacking websites?
Website hacking is mostly automated. This is a critical element as there’s a common misconception on how attacks are being executed.
Here’s an example of how a web hacker hacks your site:
1 - Web hacker with evil intentions begins with making a list of targets by country and special fingerprinting (Google Dorking). He can use (automated tools available) Google to find for example every website in the Czech Republic with the default WordPress page “Hello World” like this: site:.cz inurl:/hello-world/
2 - Now, with the list of over 5000 WordPress sites, there are many possibilities. He could start fingerprinting (automated) specific vulnerable (outdated) software and try to brute-force the admin account with different combinations (also automated).
In this step, the attacker can already have access to a lot of sites (most of the sites are not frequently updated and lack security measures).
3 - As the last step, it’s all about infecting and using the site as the attacker wishes (khm.. also automated).
How are hackers attacking websites?
The attacker might have hacked your website without ever visiting the site or seeing it with their own eyes. How, you ask? Most of the "hacking" is done by using automated tools.
And yes, you should worry about it. Keep in mind that similarly to the abandoned buildings that get freaky graffiti and tags on the dark corners — it’s just a matter of time when your website gets defaced and infected with malware if you don’t have basic maintenance, security measures, and proper monitoring in place.
The problem is big and it is growing with time.
To find out how big of a problem you are facing, who could be better than Google.
Here’s what Google released on their blog at the end of March 2017:
"We’ve seen an increase in the number of hacked sites by approximately 32% in 2016 compared to 2015. We don’t expect this trend to slow down."
Since there is almost a 1/3 chance that your website is running on WordPress, you should already know that the year 2017, way back, didn’t even start with a positive tone.
Conclusion: Every day there are hackers attacking websites
Every day about 50 000 sites get hacked. And in most cases, the web developers or website owners don't even have enough knowledge about what is going on on their site. And every day we still see hackers attacking websites.
This is why you need to take proper measures to understand the risks and be aware of the vulnerabilities that may affect your business and your website.
You need to protect your site with a managed web application firewall, keep it constantly updated and secure it with strong passwords. Patchstack can help you to protect your sites and keep them updated.
You can start Patchstack 14-day free trial here. Try it out. We offer a 30-day money-back guarantee.
Your website is the face of your company, protect it!
Want to stay up to date on the latest website vulnerabilities and ways to protect against them? Join the Patchstack Facebook community.