security locks on bridge with mountains in the background

Understanding the Motivators, Tactics, and Impacts of Hackers

If you’re currently infected, or you’ve previously experienced an infection, or you’re just curious about the nefarious things hackers can do I’m going to be highlighting some of the motivators behind why hackers hack, which should help you understand why they do it. I’ll also give you an idea of how it can affect you and your website to help you weigh the risks, to see if website security is a thing you should be worrying about.

Why do hackers hack?

Lets look at the motivations for hacking so we can understand the mindset behind why they do it and take away any personal pressures of why any one person has been targeted.

1. Revenue

The ability for hackers to make money from your website can come in many forms such as data exfiltration which you most likely would have heard about from when Talk Talk were hacked and had credit card details stolen or the Ashley Madison scandal where personal information was stolen and leaked to the public. This sort of thing is happening all the time but we tend to only hear about the big companies.

Then you have things like impression based affiliate marketing schemes where hackers plaster your website with adverts which earns them money each time the adverts are viewed. Hackers can also be part of a criminal enterprise where they are using your resources such as your mail server to send out spam as part of a larger marketing campaign in order to get sales.

2. Audience

Some people see their websites as not being very valuable, but what they may not realise, is that they do have something of value and that’s their audience, which allows them to generate revenue in some form or another. Your audience is extremely valuable to attackers as they can be engaged with. They may install some form of desktop malware, encrypt their environment and download a trojan to steal their financial data. People soon find out how valuable their website is once hackers have taken advantage of the trust they’ve built with their audience, which leads to a loss of followers and customers.

3. Resources

Website owners tend to only think about WordPress, but we have a responsibility to the environment as a whole. The server that the website resides can have valuable components such as a mail server that can be used to send out email spam or a file server that can be integrated into a larger network to attack other websites where you can be affected in return by their nefarious acts. Once we’re online we have a responsibility that extends past the website itself so its good to be aware of this when thinking about the level of website security.

4. Lulz

This can be the most annoying of the motivators as it’s simply people doing it because they’re bored and have nothing better to do, or they see it as a badge of honour amongst their peers. Perhaps they find out about an outdated CMS with a known vulnerability via Google Dorks and they learn how to take advantage of the exploit resulting in them making their way into your environment. This can be the most frustrating of the motivators as they’re doing it for fun and have no consideration to you as a website owner. This can also be the most severe because they have no motivation for revenue, audience, or resources so they may just delete everything and if you’ve not got backups in place then this can be fatal.

Things hackers do

Hackers may want to log in and abuse your environment and they may have motivations to do that but what exactly can they do? When we’re working with infections we only see what the attacker wants us to see. Often like an iceberg we don’t see what’s actually doing the most damage. For example if we see that it’s distributing some kind of malware the odds are that they have some backdoors to re-access our environment or server level scripts to distribute malware or attack other sites as part of a larger network.

Infection types

There are many different types of infections and what we usually find is that hackers have tried a little bit of everything to see what works. Rather than look at an exhaustive list here are the top 8 infection types that effect websites of all sizes from large to small organisations and blogs.

1. Malware distribution

Malware (malicious software) tends to be delivered via drive-by-download attempts. This is where you’ve visited a website and unknown to you it has created a dialog box on your desktop asking you to clean your PC or to upgrade your anti-virus program. Because people don’t see it until they have closed their browser and returned to the desktop they don’t see the relationship between the desktop and the website so they trust the dialog box and click the call to action which downloads and installs the malicious code.

2. Search engine poisoning

With search engine poisoning attackers are able to abuse how search engines view your website. So perhaps you like to talk about security on your website but someone searches via Google and sees that you’re talking about viagra, betting, or luxury goods such as trying to sell them the latest Gucci bags.

3. Phishing lures

This is where attackers use a website of a known environment like Facebook, Paypal etc and try to trick you into giving sensitive information such as your login details. You could receive an email from Paypal requesting that you login to reset your password, so you click the link and enter your current password etc and it all gets captured and sent to a command and control environment. This can be facilitated via peoples websites by being embedded in discreet locations on their server and added to offence related email campaigns.

4. Spam Email

Similar to Phishing lures in that Spam Email can be distributed on a continuous basis which may be part of a larger marketing campaign and distributed by many servers. Once a server is shutoff it doesn’t affect the hackers as they may have 10 more servers as part of their larger network.

5. Defacement

This is where your website has been replaced with something else such as an activist message or statement. Suddenly you visit your website and you want to free Palestine, or you’re Pro-ISIS, or you’re pro some activity you may be against. Whatever the case may be this kind of attack tends to be about hacktivism for a politically or socially motivated purpose.

6. DDoS/Bot Scripts/Backdoors

DDoS attacks are where hackers are able to use your environment to attack other environments as part of a larger network. Such attacks include the injection of Bot Scripts that run simple and repetitive tasks such as trying to guess your login credentials at a much higher rate than would be possible for any one person. Once logged into your environment they may install backdoors that look to abuse your access control. Perhaps you’re using 2 factor authentication and you have ip whitelisting on wp-admin but now through a backdoor an attacker is able to bypass all of those controls and simply access the environment without going through the normal route.

7. Ransomware

This is where hackers log into an environment and hold the website hostage. They encrypt the entire directory so if there is no backup in place then the options are to pay them in bitcoin to decrypt the directory, or rebuild the entire website.

8. Data Exfiltration

We often hear about this on a large scale via the news (Talk Talk, Ashley Madison etc..) but it actually happens more often on smaller scales such as small businesses with just a few hundred customers. Data exfiltration extends beyond credit cards and goes into information like personal identifiable information.

The impacts of a compromise

With the understanding of different infection types it’s important to think about how it can impact us not only from a business perspective but also how it can affect us from a technical perspective.

Business Impacts

Brand Reputation

If we have an online presence, whether that be a blog, brochure or Ecommerce site it was built and deployed for a reason so we have a responsibility to that brand. Even if a website only has 100 visitors that don’t return, it can be critical to the reputation of that brand. However the tolerance is evolving so as long as we work with our audience to explain what has happened they tend to be a lot more understanding. It’s up to business owners to decide if they’re willing to accept the risk of their brand being tarnished or their website being down for x amount of time.

Economic Impacts

If you get blacklisted, or if someone is unable to access your website, or your audience loses faith in what you’re providing them then you don’t generate any new traffic, or growth and sales. Beyond the ability to generate revenue you should think about what you will spend in time and money to get your website back up and running.

You should also think about if its something that you should be doing, or if you should you be focusing on the business. How are you going to move forward post compromise? What software, technology, personal and training do you need to invest in to ensure that it doesn’t happen again? Or are you ok with it happening again and if so what financial implications will be involved each time it happens.

Emotional Distress

Emotional distress doesn’t get discussed as often but it’s actually really important. When a compromise happens it can lead to a tremendous amount of anxiety and frustration. Not knowing whats happening and how long it will take to sort out can feel like the end of the world. It can also be confusing when you don’t know who talk to, you may speak with your host and they say that they’re not responsible for the website, only the network itself but you didn’t realise when you signed up.

It can also cause a lot of anger as your website is really important and you can’t believe that someone would do this to you. Perhaps you were just about to launch a new post or were expecting thousands of visitors due a product launch. This can lead to a lot of sadness and despair. You may then go through a phase of distrust, not giving anybody access to your environment, knowing what plugins to use, and knowing how good a host provider is. This can lead to an erosion of trust in technology, internet and people which in return can damage your business.

Technical Impacts

Website Blacklisting

Blacklisting can affect you the most because search engines have the ability to stop people from accessing your website, and it extends beyond search engines as when people visit your website they will be greeted with a big red page advising that you have malware and it shouldn’t be viewed, which can kill any engagement and traffic. It also extends to your servers ip address, your domain with mail servers and network firewalls like Norton and McAfee blocking people from accessing your website which can extend to mobile phone providers and more.

SEO Impact

An attacker can damage your search engine result pages and your search engine optimisation which can be a nightmare not only from a marketing perspective but also a technical one as it will mess up your traffic reports in your analytics program which can then take a long time to separate the good from the bad traffic. Theres also the impact to your search engine ranking as the search engines can be really quick to take away your ranking but very slow to give it back.

Visitor Compromise

We have a huge responsibility to anyone that visits our websites. When it comes to brand reputation and trust it’s up to us to provide a safe and secure environment to our visitors. To know that your website could have a contributing factor to someone getting attacked or losing their life savings would be devastating.

Thinking about Website Security

With all of this in mind lets broach the subject of website security and how to think about it. Theres a lot of information out there on what to do but to begin with its more about having the right mindset. Security is not a static state, you cant just find a technology, person or process and have it stop attackers. You need to be looking at a continuous process such as protecting the website with a firewall, detecting in the event that the protection fails and having a response protocol in place. You should know who you will touch base with, talk with and have on board to help you should your website get attacked. You should also have some kind of maintenance in place such as the administration, updates, backups and monitoring of your website.

Security is not a Do It Yourself project.

At Newt Labs we’re proactive when it comes to WordPress Security. We regularly test and update WordPress core, themes and plugins to patch exploits. We setup real-time cloud backups for peace of mind. We can store your code in Version Control which allows us to quickly see which files have changed after an attack.

We harden WordPress installs to make them more bullet proof. We track back-end activity for insights which allows us to see exactly what happened last which results in a faster fixed website. We also make use of a Firewall Protection and Intrusion Prevention System and we setup 24/7 Security Monitoring to scan your website for exploits, attacks, blacklisting and file changes.

Should your website be compromised we have a professional incident response team available 24/7/365. Overall we have the best protection, detection and response protocols in place so you can focus on running your business whilst we take care of your website.

Have something to add? Please join the discussion in the comment box below, or if you want to discuss how website security can fit within your business please get in touch via Email. We would love to hear from you.