I only have a small website with a few users. Why am I even interesting to hackers?
Long gone are the days when websites were hacked simply for fun, to place an “ash” message, or to wantonly destroy website data. Meanwhile, there is more illegal money to be made in cybercrime than in drug trafficking.
Large companies are often attacked specifically by very skilled hackers. to obtain data (personal data, bank data, product data, company internal data).
For the mass of normal hackers stood less the large companies in the target, these often have good IT departments and security measures and are much harder to attack. This is why anonymous mass attacks mainly affect small websites, especially those with such popular installed programs as WordPress. Here, the security precautions are usually lower, the operators more inexperienced, the software is not up-to-date – and many website operators do not even notice a hostile takeover. Until they suddenly find that web browsers are triggering alerts or Google has banned the site from the index with a “hacked” warning and you are suddenly “invisible” to the world.
Spying on data is then also not the primary goal. Therefore, your website is also a potential target, no matter how many users it has, what kind of content it shows and what kind of data it manages.
What is a hacked website useful for a hacker?
- to secretly install software for illegal so-called “bot networks”. This network is rented out by hackers for all kinds of illegal purposes, for example remote attacks on other websites (DDOS attacks);
- to encrypt the website and release it again for a ransom (ransomware) – stupid if you don’t have a backup then;
- for “Black Hat SEO” by placing dubious links to other websites (and renting such links) in order to increase the reputation of the target pages in Google;
- it also illegally diverts server processing power to lucrative BitCoin mining systems;
- illegal data (e.g. porn) is cached;
- the server is misused for sending mass mails (spam),
- fictitious target pages are created in connection with “phishing emails” in order to obtain data from email users;
- websites are sometimes used for political purposes (defacements) by placing messages there;
- and, and…
In addition, backdoors (secret access points, often in the form of a hidden administrator account) are usually created, allowing a hacker to remotely install new malware if the previously installed software is discovered or another is needed.
If a site has been hacked, the website operator must act very quickly in order not to be held responsible, e.g. due to the new IT Security Act or existing contracts with providers.
In addition, it will happen that the own page is not displayed in browsers or only with a warning notice and Google does not show the website in the search results at first.