Here is the fact: If you exist in cyberspace, you are a target.
Hackers don’t necessarily care if your data is “low value”. Things like complex passwords or other basic protection methods don’t guarantee anything, either. Cybersecurity is constantly evolving and the only way to keep up is to make sure it’s an ongoing priority.
The reasons for hacking a website go well beyond acquiring passwords, credit card info or other sensitive data. Here are three common reasons for hacks that have nothing to do with the value of the data.
Hack #1: Cryptojacking
At this point, most of us have probably heard of cryptocurrency, though the concept of cryptomining is a bit nebulous. Basically, you need a computer with some processing power to mine crypto. That means that just as your website’s server could become infected, you could likewise fall victim to this with your personal computer.
This topic can go pretty deep; scripts can seek out and disable other cryptojacking scripts or even be combined with “worm” behavior, which means it could infect other devices. The really short version is that once the malicious code infects your computer, a cryptojacker can use your resources to mine cryptocurrency. This causes everything to slow down because your website or computer will no longer have the same resources available.
Hack #2: Spam Server
Most email clients are pretty good at filtering out the junk these days, but we all know what spam looks like. It’s hard to imagine anyone would ever click the links in these emails or forum comments but they are truly ubiquitous. Again, this concept has a lot of avenues and can get pretty tricky, but the short of it is that shady behavior gets you blacklisted pretty quickly these days. If your website is “clean” it doesn’t even matter if your SEO is good. You haven’t been blacklisted. Hackers can then use your server for all sorts of shady activities, from hosting phishing pages to email spam to boosting their own SEO by backlinking (until they get you blacklisted, that is).
We probably don’t need to explain why you don’t want your website blacklisted. No one wants their SEO reputation tarnished like that.
Hack #3: For Fun or Learning
This last one is a bit vague, and it often gets overlooked. Your “simple” site could be perfect low hanging fruit for someone who is just learning. The reality is that the best way to learn is to do. Security updates happen for different platforms in different ways. Still, ultimately, there is no way to provide patches for known vulnerabilities without also offering a neat list of possible angles for a hacker.
What Can Be Done?
Every Wednesday, the Drupal Security Team releases updates. Developers at Taoti go through them and discuss if any of them could pose any serious threat to our clients – and if they do, we act on it right away. This is one of the best things you can do to protect your site – follow the security releases for your platform and update regularly.
If you are not sure your site is secure, an audit can go a long way. There are plenty of tools, techniques and modules/plugins that can help protect your site, and a security professional is the best resource to find out what is ideal for you within your budget.
If your site slows down, there are sudden changes in bandwidth use, or any kind of odd behavior, it might be time to step up your security! Conveniently, this is exactly the kind of thing we help our clients with every day. If you have questions or concerns about your website, drop us a line and let us know how we can help.