Until relatively recently, attacks against websites were fairly easy to spot. In most cases, the hacker or hackers behind such attacks defaced vulnerable websites or simply caused them to crash. Such attacks were typically mass-scale in nature and were designed to cause as much damage as possible to a very large number of targets. In contrast, many web attacks these days are far more targeted and stealthy, and are designed specifically to evade detection by anti-malware tools and intrusion detection systems. The most common goal behind modern website attacks is to steal sensitive information such as customer data and financial information, or to extort money from targeted businesses. Detecting such website security compromises can be challenging, but even the most sophisticated attacks often end up leaving telltale signs.
One reliable sign that website security has been compromised is when an internal system suddenly begins to transmit data to an unknown IP address. Web attacks are often launched to steal data from the underlying Web servers and the systems that are attached to them. The theft is typically carried out using malware programs that are capable of sniffing out specific pieces of information and then stealthily sending them out to a remote server, from which the attacker collects the stolen data. Sometimes the stolen data is sent out in a continuous stream via commonly used ports, and sometimes it is sent out in batches at previously scheduled intervals. In either case, such data transmissions are a good indicator of compromised site security. The rogue traffic can be hard to spot without the proper malware detection and network monitoring tools.
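The check described above, as an added example that is not part of the original article: it groups outbound flow records by destination, skips destinations on an allowlist, and flags either regular-interval batches or high-volume transfers. The flow records, the internal range, the allowlist and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port, bytes_out).
# All addresses are private or documentation ranges, not real indicators.
FLOWS = [
    (0, "10.0.0.5", "203.0.113.50", 443, 50_000),
    (3600, "10.0.0.5", "203.0.113.50", 443, 50_000),
    (7201, "10.0.0.5", "203.0.113.50", 443, 50_000),
    (10799, "10.0.0.5", "203.0.113.50", 443, 50_000),
    (14400, "10.0.0.5", "203.0.113.50", 443, 50_000),
    (100, "10.0.0.8", "192.0.2.77", 80, 800_000),
    (130, "10.0.0.8", "192.0.2.77", 80, 800_000),
    (900, "10.0.0.8", "192.0.2.77", 80, 800_000),
    (905, "10.0.0.8", "192.0.2.77", 80, 800_000),
    (50, "10.0.0.5", "198.51.100.10", 443, 9_000_000),  # known destination
    (60, "10.0.0.9", "203.0.113.9", 443, 2_000),        # small one-off request
]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")       # assumed internal range
KNOWN = [ipaddress.ip_network("198.51.100.0/24")]   # assumed allowlist of expected peers

def find_suspect_flows(flows, known=KNOWN, min_bytes=1_000_000, max_jitter=0.1):
    """Flag internal hosts sending data to destinations outside the allowlist."""
    groups = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in INTERNAL and d not in INTERNAL and not any(d in n for n in known):
            groups[(src, dst, port)].append((ts, nbytes))
    findings = []
    for (src, dst, port), recs in sorted(groups.items()):
        recs.sort()
        total = sum(b for _, b in recs)
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        # Near-constant gaps (low coefficient of variation) suggest scheduled batches.
        regular = (len(gaps) >= 3 and mean(gaps) > 0
                   and pstdev(gaps) / mean(gaps) <= max_jitter)
        if regular:
            reason = "scheduled batches"
        elif total >= min_bytes:
            reason = "high volume"
        else:
            continue  # small, irregular traffic: not flagged by this check
        findings.append({"src": src, "dst": dst, "port": port,
                         "bytes": total, "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in find_suspect_flows(FLOWS):
        print(finding)
```

Both flagged flows in the sample use ports 443 and 80, which is why a port-based filter alone would not separate them from normal web traffic.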
Unexplained traffic slowdowns can be another sign that website security has been compromised. Hackers often employ what are known as distributed denial of service (DDoS) attacks to disrupt a website’s operations. In a DDoS attack, the network connections linking a website to the Internet become clogged with useless data packets, making it very hard for legitimate traffic to get through. Such attacks are very common these days and are often used to extort money from targeted websites. Dealing with DDoS attacks can be extremely challenging and often requires companies to add extra network capacity and traffic filtering tools.
One of the most obvious signs of a website security compromise is when the site starts serving up malicious code, adware or spyware programs. Hackers often compromise reputable and well-known websites and use those sites to distribute their malware programs to unsuspecting web page visitors. The malware programs can be hidden in banner advertisements or on other parts of the site and get automatically downloaded to a visitor’s browser. Such compromises are often hard to find, but can be detected using website malware monitoring and malware detection tools.