We often talk to site owners who are surprised that their sites are targeted by attackers. Most of them assume that if there isn’t any juicy data to steal, like credit card numbers, that compromising their site is a worthless exercise. Unfortunately they are wrong. Aside from data, a compromised site’s visitors can be monetized in various malicious ways. The web server can be used to run malicious software and host content and the reputation of the domain name and IP address can be leveraged. Last month we ran a survey that included the following open ended question for people who reported that their site had been compromised: What did the hackers do to your site? We received a total of 873 responses that could be categorized, which we did by hand. The chart below reflects the results. Many of the responses described multiple categories, so the percentages on the chart below deliberately add up to greater than 100%. We did not include categories for “installed backdoor” or “installed malware”. We consider that to be more of a means to an end. Instead we focused on answering the question, “what’s in it for the attacker?”. As you can see from the chart there are a wide variety of things
Share This