Understanding "Why" helps protect you
"Why do hackers want my website?" Is the question we're asked many times.
There are two answers to this. First, for fame. Second, for money.
Fame isn't something most would associate with criminal activity, but it's not the type of notoriety most people are accustomed to. Often times, if your website is defaced, the hackers were doing it to gain recognition in the world of cyber criminals.
Occassionally, hackers have contests to see who can "hack" the most websites during a 24 hour period. There is typically a website the hackers can check to see where they rank.
As stated, the second most reason hackers want your website is for money.
They're not necessarily looking for credit card information, but they have so many other ways of making money from your website.
- Send spam from your website
- Rent access to your website to other hackers who send spam
- Inject malicious code on your site to infect visitors. Hackers can then steal information from your visitors computers
- Use your site to attack other websites
- Rent access to your website to other hackers who use it to attack other websites
- Use your site for phishing
- Use your site for their own SEO for pharmaceutical sales
- And many, many more...
Hackers use a concept presented a long time ago by Robert Allen, "Multiple streams of income".
They know that you'll eventually find and remove their malware. However, they're just looking for longevity. That's why it's important to have all of your websites serviced.
Let's say you have a web hosting account with 5 websites on it. Hackers might find a point of entry on website #2. They may not infect that site because they don't want to draw any of your attention to it. They'll infect one or more of the other sites.
Then they'll install a backdoor shell in various places on your hosting account. These backdoor shells give them access to your files much like a file manager. This way, when you do find and remove their original point of entry they can still re-infect your website over and over again, until you find and remove all of their backdoor shells too.
Hackers are just looking for longevity. They know you'll eventually find and remove their malware. They just want to use your website for as long as they possibly can.
With multiple streams of income and possibly millions of websites under their control, it's easy to see how they're making money.
And it's not just one group. There are hundreds, if not thousands of cyber criminal groups around the world. Some, work independently, others band together to work as a collaboration.
Key points to remember:
- Hackers want to infect all websites - even "little" websites.
- Their primary motivation is money.
- Cyber criminals have many ways of making money with your website.
- They are looking for longevity. They will infect your site or sites, with multiple backdoors.
Cyber criminals only need to find one point of entry to your website. Your website needs to be protected from all points of entry.