It’s not the first time that hackers join forces to target websites. In fact, it’s a daily occurrence. Any website can be left vulnerable to hackers if proactive security and monitoring processes aren’t in place to defend against them.
Most of the time there isn’t a sinister motive behind a hack, hackers are mostly opportunists to steal your traffic or looking for kudos from their peers. There’s even public forums where their victories are publicised and announced. The higher the kudos or traffic the more attention you will get from hackers. The ultimate prize of course in this is widespread media attention and notoriety - but due to the nature of the work, little fame or financial reward. This is more about Kudos within a peer group.
So, why is the threat to Donald Trump any different to these every day attacks?
Most attacks are carried out by individuals or small allegiances that join forces to take down a website and share the fame following. The success of any attack is determined by the amount of resource an individual or coalition of hackers can gather together. This means that the majority of the time a hack is unsuccessful.
Donald Trump has rattled the cage of the Anonymous hacktivist group who have declared “total war” on the presidential candidate.
Anonymous have called for all hackers to attack trumpchicago.com on April Fool’s day. What’s the problem here? There are thousands of hackers around the world in unison they will be targeting the site with one goal, to take the website down. A goal that is easily achievable if the web team don’t step up their security pronto.
Anonymous haven’t declared how they will attack the site. However a previous attempt in December took down the website using a DDOS attack so a similar method utilising resources from the hacker network world wide would probably be the method of choice.
DDOS attacks work by overloading the server with dummy requests. This drains the resources available on the server, slows the site down then ultimately stops the site from responding to anymore requests taking the site down.
The diagram below shows the process for a DDOS attack. The threat to Trump Towers is ultimately more detrimental. There are thousands of thousands of hackers around the world, each with access to a number of zombie pc’s.
The threat to Trump Towers is ultimately more detrimental. There are thousands of thousands of hackers around the world, each with access to a number of zombie pc’s.
I don’t think we’ll be seeing trumpchicago.com available on April Fools Day. Sorry Donald.
It wouldn’t surprise me if Anonymous decide to use a multi prong attack. There are other methods that don’t take the site down. They either change the aesthetics of the page to show images that may be offending or damage your reputation or drive your traffic to another website. This could be thoroughly embarrassing should Anonymous decide to point the traffic to another site that conflict with his extreme views.
We’ll have to wait and see what they have planned.
For the hackers the outcome is ultimately media attention. But what does this mean for the website?
Short term, there’s the immediate loss in traffic and potential loss in sales. I’m sure this is pocket change and won’t be missed.
Long term, the ripples of this attack can last for months if not years. Search engines are now targeting slow page load speeds and hacked pages. Approximately 64.68% of trumpchicago.com traffic comes from search. We could see this diminish rapidly as rankings potentially drop directly having an impact on leads/enquiries.
So what’s my point?
Any website owner can fall victim to hackers. It’s up to you and your digital agency to make sure that the site is secure.
Many organisations mistakenly believe that they are too small to attract a web hacker, which leads them to overlook web security altogether. However, studies show that small businesses are just as, if not more, vulnerable to web hacking than large companies. The key difference being that major corporations have a substantial amount of resources, capital, and dedicated security specialists to counteract potential cyber attacks that they may encounter.
According to the National Cybersecurity Alliance, about 60 per cent of small companies will close within ten months of a major cyber attack due to high costs, loss of customer information, and damaged brand reputation. Web hackers have proven that any organisation is susceptible to hacking attempts.
Hackers always stay one step ahead As mentioned above, many small organisations tend to overlook web security as a necessity. There needs to be a knowledge that your website is a live organism and sits inside an online environment where elements change instantly.
One major mistaken that is committed by small companies is to place the responsibility of online security onto others. For instance, many smaller companies believe that using brand name CMS platforms, email clients, and even well-known hosting service providers will entitle them to proper web security. We as an agency are always on the lookout for potential threats and outline exactly why retainers are so necessary if you don't know what you are looking for.
Web hackers are fully aware of the fact that smaller companies tend to overlook the growing requirements in securing their most valued assets.
What can you do to protect yourself?
Web security needs to be executed using a joint approach: protecting your internal network and also monitoring your wider network perimeter To keep your infrastructure clean from any bugs and potential malicious attacks, we recommended that you use website scanners to help detect and remove malware/viruses. Malware is the most common and dangerous forms of web attack that can negatively impact your business. It is also recommended to use a network firewall that can help monitor network activity and detect any attempts to access files within your own network.
For more wider based security, it will be effective to monitor all web traffic and visitors that come into your website. We as an agency have previously implemented a high performance Web Application Firewall (WAF) to monitor and filter malicious web attacks before they ever reach a client's internal network. This can be a great first line defense, especially for smaller companies, to help block any would be web hackers from accessing sensitive data that is found on your server. For ecommerce sites the risk is substantially greater there are fines associated of up to $100,000 should your site be compromised and correct procedures are not followed, perhaps its time to invest in PCI DSS compliance if you haven’t already.