Your website doesn’t contain government secrets or confidential trade information, so why would a hacker waste their time going after it? Don’t they have bigger fish to catch? If this is a question that you have ever asked yourself then this article should help clear things up for you. The following are reasons why your website would be hacked beyond the obvious reasons of obtaining access to sensitive information.
1) Automated Attacks
Cyber-attacks are not necessarily targeted, or done with intention. Rather, attacks often blindly attempt exploits on as many websites as required until they compromise a sufficient number of systems. Automated tools can be used by any attacker; regardless of skill level.
The point is, hackers may not know or care about how big or small your business is, but instead will compromise your website simply to launch attacks on your customers. Instead of launching targeted attacks on your business, these are called attacks of opportunity; “Why? Because we can”.
Not all cyber-attacks occur with malicious intent. Typically, in summer months, websites are compromised out of complete boredom. A large percentage of these attacks originate from young, computer-savvy teens with nothing else to do. Sometimes they’re experimenting with exploits (“script kiddies”) or looking to explore their capabilities.
Your website itself may not contain sensitive information, but that may not be what hackers are after . Your website is a conduit to your back-end infrastructure which can provide an attacker with access to CPU, memory, storage, and network connectivity.
These commodities can provide them with the computing power they need to perform automated attacks, provide anonymity, complete complex computations such as those used to mine digital currencies or various other purposes. By using your server, the hacker becomes harder to track, as their activities are performed on a network IP address not associated with them in any way.
4) Drive-By Downloads
A very lucrative business in hacking is called a “Drive-By Download” where a hacker deploys an exploit kit on your website to trigger the automated installation of malware on the computer of any users who “Drive-By”. The purpose of the malware is up to the hacker’s imagination, however, a significant percentage of “Drive-By” downloads will result in Ransomware or Spyware.
With Ransomware, a hacker encrypts all files on the compromised computer and offer to restore them for a fee. Alternatively, Spyware is designed to log key strokes and mouse clicks in order to find out a target’s banking credentials. Both of these technologies have been commoditized in underground forums and sold for a little as $400.00.
5) Blackhat SEO Spam
This is a very common form of hacking which is not very damaging to you, but is quite pesky. A hacker will add links throughout your website in order to improve the SEO rankings of the affiliated website. Though it is a relatively simple process to restore from backups and change your credentials, it is yet another reason a hacker may try to compromise your website.
There are many bigger, more obvious reasons for hackers to access a website, such as the security incidents relating to Yahoo, LinkedIn and E-Bay, to name a few. Don’t forget that even as a small business, or a business with “nothing to hide” there are plenty of reasons for your website to be hacked.