Why Do Hackers Bother with Small Sites?
You might think that hackers wouldn’t be interested in your tiny blog or small business site. After all, media coverage of large breaches makes it seem like they are only after big prizes like corporate intelligence, huge credit card databases, and national secrets.
Unfortunately for us small fries, the reality of everyday computer crime is much more pedestrian. According to Symantec’s widely cited Internet Security Threat Report, cyber attacks against small businesses have grown quickly in recent years, and are now up to about half of all such attacks against companies.
While some dedicated attackers do focus on large government or corporate domains, many are satisfied with the low-hanging fruit presented by more modest prey. Smaller sites are often ill-maintained and unmonitored, making them easy targets.
Most Hacking Attempts Are Automated
That ease is exactly what attracts this particular brand of attacker. Rather than pick a single target and probe it carefully for vulnerabilities, they cast a wide net and scan the internet for insecure sites.
They often use web crawlers, a type of software that travels from page to page by following links, discovering new sites as it goes. As new targets are discovered, they can be automatically probed for weak spots like outdated plugins and weak passwords.
Hacking an individual site doesn’t usually yield much on its own, but the combined computing or network resources of hundreds or thousands of web servers is immense. The attacker often intends to create a botnet, a huge network of compromised hosts that can be used to wreak havoc across the Internet.
The Many Uses of a Hacked Site
So what do they actually do once they have control of your site? The possibilities are limited only by the attacker’s imagination. Here’s a small sampling of the common uses.
1. Spam
This old scourge remains a big problem to this day. Spammers like to build little empires of hacked computers to do their bidding like zombies. Each victim sends relatively few e-mails on its own, but it doesn’t take much for the whole operation to add up to thousands or millions of messages sent per day.
By distributing their activities across a large number of computers spread across the internet, spammers make it harder for authorities to track them and shut them down.
Compromised web servers can be especially valuable targets, since they can be used to easily send large numbers of e-mails, as well as to serve up the spammers’ landing pages.
2. DDoS Attacks
Large botnets are commonly used to perform distributed denial-of-service (DDoS) attacks, a way of disrupting a computer system by flooding it with data. Much as with spam, an individual computer in a botnet can’t do much damage on its own, but the combined resources of the entire network enable its owner to overwhelm the victim server with an enormous amount of traffic.
On shady parts of the web, access to large DDoS botnets is even sold as a “service” to bad actors looking to sabotage competitors, take revenge on enemies, or simply make a statement.
3. Attacking Users
Hackers can also choose to target your site’s users, usually by serving malware of some kind, like viruses or spyware. These malicious downloads are often disguised as innocuous alerts such as browser updates.
In the past few years, there’s been an uptick in a particularly nasty type of malware called ransomware, which encrypts the victim’s files and demands a payment to secure their release.
While ransomware dates back to at least 1989, the advent of cryptocurrencies like Bitcoin has made this type of attack much more viable. A cryptocurrency makes it easy for people to transfer money electronically but hard for authorities to track these movements if criminals take the right steps to obscure their tracks.
4. Ransomware Targeting the Site Itself
Most conventional ransomware has focused on personal computers and business systems. However, there’s a sort that attacks websites themselves, encrypting the content and holding it hostage in hopes of extracting a ransom from the owner.
While this remains one of the less common kinds of ransomware at the moment, there are indications that it’s growing in popularity, such as a spike in attacks against WordPress installations reported by Wordfence in August.
5. Cryptocurrency Mining
Most cryptocurrencies use a so-called “proof-of-work” system involving a network of computers that each perform small amounts of computational work. These “miners” help to ensure the integrity of the decentralized ledger in exchange for a bit of the currency.
This has led to a type of attack called “cryptojacking,” which involves installing a script on your site that uses your visitors’ computers to mine for cryptocurrency. What makes this particularly insidious is that there may be no obvious sign of the compromise other than slow browser performance when your site is open.
Crypto mining has traditionally been the domain of specialized computer setups using powerful graphics cards, but a couple of recent developments have changed this. First, the cryptocurrency Monero uses a proof-of-work algorithm that makes mining more feasible on regular CPUs. Second, the company Coinhive makes it easy to install JavaScript-based Monero miners on any page. As a result, cryptojacking has become especially popular as of this writing.
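Because cryptojacking works by adding a script to pages you serve, one practical check is to list every script a page loads and flag any host the site owner never added. The following Python script is an added example (not code from the original article or from any vendor named above); the sample HTML, the `.invalid` hostnames and the allowlist are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not a real site). The third script tag stands in for
# an injected loader pointing at a host the site owner never added.
SAMPLE_HTML = """<html><head>
<script src="/wp-includes/js/jquery.js"></script>
<script src="https://cdn.example-site.invalid/theme.js"></script>
<script src="//unknown-host.invalid/loader.js" async></script>
<script>console.log("inline theme script");</script>
</head><body><p>Hello</p></body></html>"""

# Hosts the site owner knows about (assumed allowlist for the sample site).
ALLOWED_SCRIPT_HOSTS = {"www.example-site.invalid", "cdn.example-site.invalid"}


class ScriptCollector(HTMLParser):
    """Collects external script sources and counts inline script blocks."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline_count = 0
        self._in_inline_script = False
        self._counted_current = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline_script = True
            self._counted_current = False

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies through handle_data; count each
        # non-empty inline block once even if the body arrives in several chunks.
        if self._in_inline_script and data.strip() and not self._counted_current:
            self.inline_count += 1
            self._counted_current = True

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_inline_script = False


def find_unexpected_scripts(html, allowed_hosts):
    """Return script URLs whose host is not on the allowlist, plus the inline count.

    Relative URLs (no host) are served by the site itself, so they are not flagged.
    Inline scripts are only counted: judging them needs a known-good baseline.
    """
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    unexpected = []
    for src in parser.external:
        host = urlparse(src).netloc.lower()  # handles absolute and //host/ URLs
        if host and host not in allowed_hosts:
            unexpected.append(src)
    return {"unexpected": unexpected, "inline_scripts": parser.inline_count}


if __name__ == "__main__":
    print(find_unexpected_scripts(SAMPLE_HTML, ALLOWED_SCRIPT_HOSTS))
```

Run it over a crawl of your own pages after each deploy and compare the result with the previous run; a jump in the inline count or a new host is worth a look. A Content-Security-Policy `script-src` allowlist enforces the same idea in the visitor's browser.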
What Can You Do to Protect Yourself?
While it’s impossible to make your site completely hack-proof, there are a couple of steps you can take to safeguard your data and make things harder for the baddies.
It’s important to stay on top of updates of content management engines like WordPress and Joomla. Most smaller sites are built on these kinds of systems, and outdated software is one of the most common attack vectors used by hackers. Any plugins or themes should also be kept up-to-date.
If you hire contractors to create a site that’s particularly security-sensitive, it would make sense to conduct an independent security audit before it goes live.
Finally, your most important defensive strategy is to regularly create backups and to know how to restore them in the event of a problem.
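A backup you have never restored is only a hope. The following Python script is an added example (not code from the original article) of the backup-and-restore routine described above: it archives a site directory, records a SHA-256 manifest, restores the archive elsewhere and checks every file against the manifest, which also catches a tampered or corrupted restore. The sample site tree is constructed in a temporary directory; a real WordPress or Joomla backup would also need a database dump, which is assumed to be handled separately.

```python
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large uploads do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(site_dir, archive_path):
    """Tar the site directory and write a manifest of file hashes beside it."""
    site_dir = Path(site_dir)
    manifest = {}
    with tarfile.open(str(archive_path), "w:gz") as tar:
        for p in sorted(site_dir.rglob("*")):
            if p.is_file():
                rel = p.relative_to(site_dir).as_posix()
                manifest[rel] = sha256_of(p)
                tar.add(str(p), arcname=rel)
    Path(str(archive_path) + ".manifest.json").write_text(
        json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_tree(root, manifest):
    """Return the manifest entries that are missing or changed under root."""
    root = Path(root)
    mismatches = []
    for rel, digest in manifest.items():
        f = root / rel
        if not f.is_file() or sha256_of(f) != digest:
            mismatches.append(rel)
    return mismatches


def restore_and_verify(archive_path, restore_dir):
    """Extract the archive into restore_dir and verify it; [] means intact."""
    manifest = json.loads(Path(str(archive_path) + ".manifest.json").read_text())
    restore_dir = Path(restore_dir)
    base = restore_dir.resolve()
    with tarfile.open(str(archive_path), "r:gz") as tar:
        # Refuse members that would land outside restore_dir (e.g. "../etc/x").
        for m in tar.getmembers():
            dest = (restore_dir / m.name).resolve()
            if dest != base and base not in dest.parents:
                raise ValueError(f"unsafe path in archive: {m.name}")
        tar.extractall(str(restore_dir))
    return verify_tree(restore_dir, manifest)


def run_demo():
    """Back up a constructed site tree, restore it twice, and tamper with one copy."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        site = tmp / "site"
        (site / "wp-content" / "uploads").mkdir(parents=True)
        (site / "index.php").write_text("<?php echo 'hello'; ?>")  # constructed
        (site / "wp-content" / "uploads" / "photo.txt").write_text("constructed upload")

        archive = tmp / "site-backup.tar.gz"
        manifest = create_backup(site, archive)

        clean = restore_and_verify(archive, tmp / "restore-clean")

        tampered_dir = tmp / "restore-tampered"
        restore_and_verify(archive, tampered_dir)
        (tampered_dir / "index.php").write_text("<?php /* changed after restore */ ?>")
        tampered = verify_tree(tampered_dir, manifest)

        return {"files": len(manifest), "clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(run_demo())
```

Schedule the backup, keep the archive and manifest somewhere the web server cannot overwrite, and run the restore step on a regular basis rather than only when something has already gone wrong.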
Some of this advice might seem simple, but an enormous number of compromises can be traced back to unpatched software or simple coding errors. And even large, well-staffed companies regularly lose critical data due to a lack of backups.
By being realistic about the odds and taking a few precautions ahead of time, you can improve your chances against most kinds of attacks, and limit the effects on your livelihood if a breach does happen.
Editor’s Note: Put a WEBGAP between you and the malware with a browser isolation technology or by leveraging a remote browser service.