Why do websites get hacked?

You probably think you know what hacking is, but for the avoidance of doubt, it means compromising digital devices and networks via unauthorised access to a computer system or account. Perhaps surprisingly, it’s not something that’s invariably malicious, but it’s often linked with cybercriminals stealing data and engaging in other illegal activity.

In the context of cyber security, it refers to the misuse of computers and other devices to:

• Damage or corrupt systems
• Gather information about users
• Steal documents and data
• Disrupt data-related activity

And while it may seem a modern term, actually, the word ‘hacking’ first emerged in the 1970s. What’s more, while the traditional view is of a lone rogue programmer, hackers have become increasingly sophisticated, with techniques meaning they can often bypass IT teams or cybersecurity software.

Equally, they have become skilled at creating attack vectors which trick users into opening malicious attachments or links so that, ultimately, they surrender their sensitive personal data.

So if you think that, as a small business, it won’t happen to you, think again. This problem happens to thousands of businesses annually.

The types of website hackers

It’s important to distinguish between the different types of hackers – ‘white hat’ ones who identify and fix vulnerabilities and hack into systems with permission; and ‘black hat’ attackers who crack systems maliciously with unauthorised access, for example, for malicious gain. ‘Grey’ hat hackers fall somewhere in between. There’s less criminal intent but no prior permission, and they report (often publicly) on vulnerabilities rather than fully exploiting them. However, they may demand payment in return for details of what they have discovered.

What are the key reasons behind website hacking?

Hackers attack sites for various reasons and in a number of different ways. Automated tools, exploitation of software vulnerabilities (especially with WordPress sites), and more are among the modern cybercriminal’s weapons of choice.

Sometimes, a hacker may be ‘practising’ on your website, or doing it to show they can, almost as a kind of prank.

Other common and more malicious reasons for hacking include:

• For SEO spam
  You probably know that Google will rank your site well if you link to other websites. Attackers can exploit this by installing software or running code to create myriad spammy backlinks. Worse, if this happens, you can expect a stiff penalty from Google and other search engines.

• To deliver email spam
  Nuisance emails remain rife, so a hacker who can deliver them is on to a winner.

• To spread malware
  Malware (essentially any software designed to cause intentional disruption to a computer, server, client, or computer network) is common and easy to build, so cyber criminals trade it freely. The most difficult element is getting people to download it.

• Access to payment details
  Do you use your website for payments from customers online? If so, it can become a clear target for hackers. They can use this themselves or sell the details elsewhere, even though, of course, you shouldn’t be storing personal financial information on your site.

  Some techniques can log user details as they are being entered online.

• For free advertising
  If you attract a significant volume of traffic, you may be more prone to ad hacks. Traffic can be diverted to another site, or attackers may just place ads on infiltrated sites to beef up their viewers. This tactic is easily spotted; a more subtle approach is to divert traffic from your website to another.

• To pilfer information
  Sites typically gather information from visitors over time, from email addresses to marketing plans, which may be of use to hackers, and which can be shared or sold on.

  Remember, website owners who process personal information must manage it in compliance with UK data protection law.

• To add phishing pages
  Phishing is where attackers deceive people into revealing sensitive information or installing malware. Some of these pages can look highly convincing. If someone inadvertently logs in, their details are stolen, allowing a hacker to log in again as that user at any time. Your site could be blacklisted and receive a red warning in browsers, destroying consumer confidence and trust.

• To take down your website
  If you’ve made an enemy, or someone is out for revenge or blackmail, sometimes the ultimate goal can be to get your website offline. You don’t need us to tell you how destructive this is for your business.

  There are various ways of telling whether you have been hacked, including Google warnings or contact from customers or your hosting provider informing you. Your site may suddenly slow down, or your traffic plummet, or you may see dodgy links directly on your site.

Prevention is always better than cure, and you should:

• Only use reputable plug-ins
• Have a security plug-in
• Keep software updated
• Be sure you know all your admin users and what they’re doing.

Seek assistance immediately if you suspect your site has been hacked.

Don’t be hacked off – contact us

From one-off fixes to full maintenance packages, we at SWSweb have the technology to minimise your risk of being hacked and to take prompt action should the worst happen.

Get in touch today for an informal, no-obligation chat about what we could do for your website.