A simple question!
It’s hard not to feel as though you have been singled out by some shadowy hacker somewhere, but the truth is usually less exciting.
Automated attacks make up a considerable share of attacks on websites. In effect, the hacker casts a wide net and isn’t concerned with the content or nature of the sites that they attack.
For the hacker, the advantages of this method of attacking are clear:
- Many sites are attacked in a relatively small amount of time
- Reduces the time-cost overhead for the hacker
- The tools to perform these kinds of mass attack are usable regardless of skill
- Due to the number of attacks the chances of success are high
These automated attacks also flag vulnerable sites that the hacker can then investigate further. We can think of the process as follows:
- Reconnaissance - The hacker identifies a vulnerable site that the automated software has found on the web.
- Identification - The hacker then identifies the vulnerabilities of the site
- Exploitation - The hacker exploits these vulnerabilities and gains control and / or access to the site
- Sustain access - The hacker puts things in place to ensure they can maintain access or regain access if the hack is discovered.
The first two steps can use bots, scripts and other code to trawl the web looking for opportunities. The next two steps can also involve automation but are likely to involve the hacker using manual techniques as well.
Types of attack
The most common attack is an attack of opportunity. Research has found that within 30 - 45 days of a website going live, regardless of content and audience, it will be added to a bot crawler. The bot crawler will then start looking for vulnerabilities, such as:
- Old versions of the CMS (Content Management System) that the site runs on
- Outdated plugins
- Common passwords
If a vulnerability is found by the bot, the hacker is notified and the next stage of the attack begins. Note that if no vulnerability is found, the bot will still keep coming back, and keep looking for vulnerabilities.
Less common (but still a concern) are targeted attacks. This type of attack is usually associated with large companies and sites. A common type of targeted attack is the DoS (Denial of Service) attack, where a hacker attempts to take a site off-line.
So why do hackers hack sites?
One of the most obvious reasons is to make money. The hacker can make money from attacking your site in a number of ways:
- By using crypto locker software, a hacker can seize your website and all of its data and ransom it to you. Crypto locker software can be very hard to bypass and many companies have opted to pay the ransom to reduce downtime and recover their data.
- The hacker may install a piece of malicious software on your site that automatically attempts to install itself on the machine of whoever is visiting your site. This is known as drive-by-downloading, the results of which can be your customers having their bank accounts drained, and you receiving the blame.
- With blackhat SEO spam campaigns the hacker may inject links into your website that point at a location that they wish to promote. These links may not even be visible, but search engines detect them nonetheless, and they improve the search engine results for the link location.
- The hacker may want to use your system resources. By installing a bot that runs from your website, they can use your bandwidth, your server’s processor and so on to stage attacks on other sites. This is alarmingly common, with botnets made up of hundreds of thousands of infected websites and computers working together.
- Something that people have trouble understanding is that many attacks are carried out just because the hacker could. These can be attacks from bored kids, or people who are experimenting with a piece of software.
So what can I do?
We have talked about web security previously here, but here’s a quick summary of what you can do to stay safe:
- Make sure you keep the software that your site runs on updated, and maintain a regular update schedule
- Use strong passwords. We recommend using a password wallet such as LastPass to enable you to keep very strong passwords that you don’t need to remember.
- Take regular backups of your site. In the event of a catastrophic hack this will make getting your site back online a lot easier
If you would like to discuss your site’s security or arrange a site audit, then please get in touch here or call us on 01625 666900.