- Dec 30, 2012
- 4,809
Quite an interesting read from the "Sucuri blog"
We deal with different types of malware injections and compromises everyday and the most common question our clients ask us is, “Why me? Why my small little site?”
There are so many answers to this question. In some cases, someone may attack a site for fun, they may do so in the name of “Hacktivism” or it could be someone trying to prove what he/she can do. However, most of the time, it’s done for the same reason most unethical things are done:
Show me the Money!
As in many other walks of life, if there is money to be made unethically by attacking websites, then there will be some people out there willing to make it. Unfortunately there is a LOT of money to be made by taking advantage of websites that don’t have security measures put in place.
People hack sites for money. They make money distributing malware, SEO spam and even phishing. While we still encounter defacements and some other activities that do not give monetary gain to an attacker, money is the most common reason we see for attacks on websites.
To illustrate this point, we recently resolved a case where a customer was being blackmailed regarding a Google AdSense account. AdSense extortion isn’t new (there are several reports from users complaining about it), but this client’s story helps to explain what it could mean for “your small site,” and why it makes sense for an attacker to target many small sites without security measures in place instead of a couple of large ones that may offer a bigger reward per site but be more difficult to attack.
Lets get to our client’s story:
More
We deal with different types of malware injections and compromises everyday and the most common question our clients ask us is, “Why me? Why my small little site?”
There are so many answers to this question. In some cases, someone may attack a site for fun, they may do so in the name of “Hacktivism” or it could be someone trying to prove what he/she can do. However, most of the time, it’s done for the same reason most unethical things are done:
Show me the Money!
As in many other walks of life, if there is money to be made unethically by attacking websites, then there will be some people out there willing to make it. Unfortunately there is a LOT of money to be made by taking advantage of websites that don’t have security measures put in place.
People hack sites for money. They make money distributing malware, SEO spam and even phishing. While we still encounter defacements and some other activities that do not give monetary gain to an attacker, money is the most common reason we see for attacks on websites.
To illustrate this point, we recently resolved a case where a customer was being blackmailed regarding a Google AdSense account. AdSense extortion isn’t new (there are several reports from users complaining about it), but this client’s story helps to explain what it could mean for “your small site,” and why it makes sense for an attacker to target many small sites without security measures in place instead of a couple of large ones that may offer a bigger reward per site but be more difficult to attack.
Lets get to our client’s story:
More