Take a Deep Breath

Journalist Heather Brooke is quoted as saying that website hackers often describe what they do as ‘playful creative problem solving.’
 
Really?
 
If any of your websites have ever been hacked, you understand the overwhelming fear racing through your mind and body. Blood, sweat and tears of your business is on the line. You may also, understandably, feel completely creeped out. It’s like being violated when you find out someone’s broken into your home. You’re not sure what’s been touched or taken, you just know everything’s a mess. Then you try to put things back together, and discover the damage. We sometimes get calls from frightened victims of hacking that truly have no idea why their website is jacked up or why Google (or another browser) sent them an alert that they were hacked. Why me, they ask.
 
What could a hacker possibly want? You’re not rich nor famous, your company is not high-security, and you run a service-based website that does not sell any products. So, what the hack?
 
How About Getting a Real Job
I guess there are a few who undoubtedly just hack for fun, but the majority of malicious hacking is done, unsurprisingly, for financial gain. Yet another new career path for a criminal. There are a lot of ways a hacker can monetize their criminal activity. From simple, age-old tactics to clever new strategies, there’s a lot that keeps the hackers’ economy afloat, and lots more we need to keep up on to prevent it from happening.
 
Motivation for Violation
If a website is service-based only, that means there is no monetary exchange, and no credit card information being strewn about in cyber space, right? But there is lots of other personal data that can be turned into profit for a hacker and their hacker-buddies. Personal information can be used to commit identity theft, and those who purloin such data can sell it to the dark web instead. In February 2019, some 617 million online account details were stolen from 16 hacked websites in the UK and put up for sale on the dark web.
 
The dark web is full of dark activities. Personal data like passport numbers taken from the 2019 Marriott breach can make huge profits internationally. Email addresses lifted from compromised databases are also big money makers. Email addresses enable fraudsters to commit phishing campaigns, which in turn could lead to identity theft or the spreading of malware for other monetization streams. That malware in question could be adware, crypto mining software or even our old friend ransomware. Both of these hack examples can be done fairly easily.
 
Is There a Little Hacker Dude Hiding in My Computer?
Like me, you’d probably like to know if your computer’s been lobotomized along with your website. Maybe you think you opened a phishy email, but aren’t quite sure if you let the bad guys in. Look for these warning signs and then contact your security guy pronto:
 
• Password suddenly doesn’t work.
• Antivirus program has shut down.
• Notified by friends that you’ve been sending them odd links and messages.
• You start receiving ransomware or fake antivirus messages.
• When browsing, random popups appear.
• Installed software programs don’t initiate.
• People start accepting social media invitations you never sent.
 
A Virtual Stake Through the Heart Might Not Work
Is all lost if my computer becomes the living dead? Well, not always. There are some steps you can take, assuming it hasn’t been bricked (e.g. turned into a very expensive door stop).
 
• Treat your computer like Typhoid Mary and put it in isolation. While connected to the Internet, the puppet master can still pull your PC’s strings. Snip ‘em, i.e., disconnect from the Internet and turn off both software and hardware WiFi connections.
• Hackers are very clever. They can make you think you are offline when their malware is working undetected in the background.
• Warn family and friends of the breach.
• Be sure to back up important files on portable hard drives or encrypted in the cloud.
 
Keep the Door Locked
How do I discourage a hacker?
• Change passwords two or three times a year. I know it’s a hassle, but you’ll thank me later.
• Passwords should be a minimum of eight (8) characters. No personal stuff, i.e., your kids’ names or your birthday.
• Make the investment and install a good antivirus program. We suggest Webroot SecureAnywhere.
• Don’t open suspicious emails or attachments.
 
Zombies don’t just exist in fictional films but are alive and causing malicious attacks under remote areas by hackers. Every year, they are craftier, which means we all must become craftier-er-er. Always know where your laptop, tablet, and cell phone are, and check the credentials of those you allow access. When it comes to email spam, just say no.
 
As always, StraightFire offers free assessment, no pressure.