Website Compromise

Cybercriminals can compromise your website applications to steal data users provide to the website, such as payment card information on an e-commerce site, or identifying personal  information such as government identification numbers that the cybercriminal can use for  impersonation and fraud.

When cybercriminals use stolen payment cards, they often run small-value transactions first to test that the cards are valid. To do that, they often target websites that accept payment cards—charity or crowdfunding sites are popular because of their donation pages. A compromised website can saddle the website owner with tens of thousands in payment card fees just from many small test transactions.

Websites can be defaced for political, activism, terrorist related reasons, or to add pressure in a cyberextortion attack. Defacing a website may also be a way for a hacker to demonstrate their competency. Cybercriminals can also exploit an established website, making changes that redirect web traffic to a malicious or fraudulent website instead, a tactic often seen in cryptocurrency scams.

If website forms are not designed properly to validate information that is entered into the requested form fields, cybercriminals can use automated queries to overwhelm the website and crash it. For more, see here.

The number of services, frameworks, and applications on a web server can make it challenging to ensure that they are security patched regularly and successfully. Having a third-party expert independently verify the work of the security team protecting the website can be very helpful. Also, if your website is managed by a third-party provider, your service agreement with them should specify a definite time period in which they will patch your assets.

Using a payment processor can prevent the need to store payment card information. An Iframe (or inline frame) can be used to embed interactive elements onto a webpage so that sensitive information (such as payment card data) is sent to the appropriate processor instead of being stored within the website directly. This can limit the information available to a cybercriminal even if the website is compromised.

A CDN can enable the distribution of web content across a larger area, and enhance security. CDNs often have a level of resilience that exceeds the capabilities of most organisations’ security measures. As a result, DDoS attacks are often less effective when targeting websites that have their traffic routed through a CDN. 

The first reaction is often to roll back the website to a previous safe version, but that could prevent you from learning what the cybercriminals have done. If this happens, you may have to guess how many individuals have been affected, increasing your response costs and possible third-party claims. We recommend that you use experts to help collect the evidence of a compromise and restore the website to a usable state.