Intrusion attempts into websites is steadily increasing and is becoming increasingly automated with large resources. At the same time, it can be stated that too many website owners do not take the risks seriously and often even ignore protecting their website against hackers as they do not believe that the costs of better protection are justified.
A report from Verizon Data Breach reads that web applications were the main target for hackers in 2018 and accounted for as much as 70% of all reported violations. 71% of the incidents were about finances and 25% had political motives or were espionage of some kind.
Today we see a strongly growing trend where intrusion attempts are about spreading extortion virus (ransomware) which tripled in number in Sweden in 2020 compared to 2019 at a cost of just over SEK 30 billion.
We have often been asked why websites need to be better protected. Some of the most important reasons for risk:
- Distribution of malicious software.
An attacker could use the website to host malware by inserting or modifying links in the website to instead download and install, for example, blackmail viruses in the visitor’s computer.
It is also common with installations of Bitcoin mining (cryptojacking) programs that then eat up much of the server’s resources and often completely avoid discovery. Or downloaded to visitors personal computers via malicious links.
Depending on the type of intrusion, malware is also often uploaded to the web server where it is hidden and can re-infect the site after a restore, sometimes with a delay of a few weeks before it strikes again. - Host for malicious attacks.
The vast majority of intrusions take place from already taken over servers where the website may remain untouched, but the server’s resources are used in intrusion attempts on other servers, without the server owner even being aware of what is happening.
Good protection systems automatically report intrusion attempts to the service provider responsible for the IP address, which often results in the server being reported to be behind the intrusion attempt, or access to it, shutting down with immediate effect to avoid further incidents.
As the owner of a server that is used as a host in an attempted intrusion, you not only risk being shut down, you also risk claims for damages.
If Google and other search services discover that your website is spreading malicious software, all search data is usually deleted from their system and you end up starting over with the SEO job if and when the website is online again. - Access to sensitive data or intellectual property rights.
Many websites collect, store, use or process confidential information such as debit cards, account information, personally identifiable information or have embedded payment systems, etc., and are subject to the GDPR regulations in the EU.
The owner of the website may, in the event of negligence, ie not taking sufficient protective measures, be punished with a large fine for violating these.
In many cases, websites may contain intangible property such as secret or sensitive business documents, sales information, etc. that require login via, for example, a customer portal.
An infringement of intellectual property rights can reveal a competitive advantage, damage the reputation, jeopardize customer and supplier data, etc. - Further education and bragging.
Hackers also need further training and do this by testing new security holes and flaws. Small businesses and other smaller websites generally have poorer protection than large ones and are therefore often used as a test environment.
Successful intrusions can at best result in a maliciously easy-to-clean message, but more and more often the hacker creates backdoors to the server and, for example, sells it as a resource to be part of a larger hacker cluster.
Hackers often like the attention of their peers and make intrusion attempts just to show that you can. One of the most common reasons why hackers get caught is that they share their hacks and intrusions online, ie brag about it in hacker groups etc.
And of course, there is always the risk that they will damage something or sell a new resource in the event of a successful intrusion.
As already mentioned in my examples above, it is very common today for small businesses or other smaller websites to be targets for intrusion attempts.
The reason for this is that the smaller websites have less protection than the large websites, that the smaller websites increasingly contain sensitive information that previously only existed in the large websites, that small businesses are more likely to pay extortion money without reporting to the police, that intrusion attempts are becoming increasingly automated and can be more easily spread out in many places. Intrusion is today sold favorably as SaaS (Software as a Service).
Website protection is primarily about knowledge and is not as expensive as many people imagine. As a rule, it is a matter of doing a test of the existing systems and then closing the holes you find. Also, do not trust that your supplier lives up to the security requirements, after all, only you as the owner of your website are responsible for this and may take the brunt if something goes wrong.
Feel free to contact us if you need help with testing and measures at a favorable price!
