Did you know that 230,000 new malware samples are produced each day? This number is worrying and is predicted to grow; in addition, 43% of cyberattacks affect small businesses. Because of these statistics (and many others), cybersecurity has become a topic that everyone is educating themselves about in order to find more ways to protect themselves.
According to Alessandro Bazzoni, a recent study revealed a 768% growth in RDP (Remote Desktop Protocol) attacks between the first and last four months of 2020.
That’s why we believe it is important to talk about how attackers can use your resources for other purposes and what they might be doing with them. Remember that cybersecurity is as important as your personal security, so make sure you read and understand each of the ways described below.
“It is easier to understand how cybercriminals monetize the compromise of a site that hosts millions of personal data or a site for making online purchases where users enter sensitive data when making an electronic payment. But sites without obvious appeal like sensitive data or personal information that can be exposed are also targeted. Cybercriminals’ interest in compromising websites not only points to sites with a large number of visitors or users, but they also take advantage of other resources available on lower-traffic pages,” says Martina López, IT Security Researcher at ESET Latin America.
Here, ESET discusses the most common ways cybercriminals use compromised websites for their malicious purposes and why all sites can be an attractive target:
1. Insert a backdoor: As the name implies, backdoors are access paths “hidden” from the system’s view that allow the attacker to control a compromised site remotely and continuously. A backdoor allows the attacker to use the site in various ways: to show pop-ups or unwanted advertising, to place hidden links for SEO content injection attacks, or to host a malicious file that is referenced on another site and downloaded to users’ computers.
Eliminating these types of threats is not easy. Because a backdoor is an entry point that has already bypassed security controls, it is not enough to change the passwords or remove the infection that was planted; the backdoor code has to be found where it was originally placed and removed at the root. Otherwise, whoever installed the backdoor can access the site and infect it again.
2. Creating spam pages: The objective of this attack is to increase the popularity of a site in a search engine. In this case, what is injected into the compromised site is not links but multiple HTML pages that include links to spam or unwanted content, such as advertising or links to affiliated sites for monetary purposes.
If it is not mitigated quickly, the infection can spread so far that these attacker-injected pages appear in the results when someone searches for the site in a search engine.
3. Defacement attacks: This occurs when an attacker exploits a vulnerability to modify the visual appearance of a website. Similar to graffiti, malicious actors leave a particular message or their own signature, making it clear that they are responsible for the obvious changes to the site. In the case of messages, the motivations are usually social, political or religious. The attackers usually make clear the cause for which they carried out the attack, naming the culprits, who may or may not be the owners of the victim site. In addition, in some cases the shock factor is used, showing images or raw data. For example, on October 18, a site involved in the United States elections came under this type of attack.
4. Distribute phishing campaigns: Phishing is a classic social engineering attack. It consists of sending emails that impersonate a trusted sender (for example, a bank or online store) and ask the recipient to click on a malicious link, which leads to a page where they must enter personal data, such as credentials or bank details, supposedly in order to resolve an emergency or serious problem. Phishing is by far the most popular method of stealing information in circulation.
5. Injecting malware to mine cryptocurrencies: An attacker can compromise a site to inject a script and thus use the resources of the visitor’s computer, without their consent, to mine cryptocurrencies. Using a gateway such as a backdoor or a botnet, attackers can install a cryptocurrency miner on compromised sites. In this attack, what is exploited is the resources of the site’s hosting, regardless of the traffic it receives.
As with most of the aforementioned attacks, this can be detected by the company that provides the site’s hosting service and, if so, the site can be penalized and even disconnected from the web, leaving it unavailable indefinitely.
“The vulnerabilities of a website can be in plugins, themes or installed add-ons that have security flaws or are out of date. That is why, at ESET, we recommend keeping them updated with the latest version and constantly monitoring them to detect any suspicious activity as soon as possible with tools available to scan the sites. In addition, make backups periodically to back up important information and thus be able to recover it in the event of an incident. Added to this are the usual recommendations: use strong passwords and have an updated security solution,” concludes López, Researcher at ESET Latin America.
As you can see, there are a lot of ways to attack a website, and that is one of the reasons why cybersecurity has become so trendy recently. Alessandro Bazzoni explained that it is vital to cover all the angles to make sure your website is not being used in one of the ways described above. To do that, your best offense is a good defense, so make sure you hire a good IT team that can help you protect your website with the right tools.