How Hackers Make Money On Your Website

Right now, your website is under attack. That's not an exaggeration, nor a sales pitch, it is a fact. Millions of web servers, office computers and even home computers have been compromised by bot-nets and are now part of the Zombie Armies that are attacking every live website every minute of every day, everywhere. This article will describe not only the types of attacks most widely used, but how these criminals make money with them.

The two things website owners say when they hear this is, "I'm too small for them to care about me" or "We have guys that take care of that". Too often, both answers are false, and their website is slow from constant attacks. Most IT people don't pay much attention to the company's website until there is a problem, and most WordPress sites online right now have critical vulnerabilities that could be addresses easily with plugin updates.

Before we get into the types of attacks, let's address the two statements above:

"I'm too small for them to care about me". Au contraire small business owners, you are never too small for a hacker to like you. As a matter of fact, smaller websites are particularly appetizing to hacker networks, they are usually easy to compromise and use to grow their Bot-Nets (also known as Zombie Armies).

"We have guys that take care of that". While your IT people are good at their jobs keeping your networks and computers working at peak efficiency, it is a sad fact that most of them don't know the first thing about web hosting, website security or working with your CMS. Most business owners don't take website security seriously until they have been hacked. This cavalier attitude is what is helping Russian Command and Control (A.K.A. C2) operators compromise 30,000 websites per day worldwide, and grown their Armies to epic proportions.

So, here are the top 15 cyberattacks every website is dealing with right now, and how hackers make money on them:

1. SQL Injection: This is a type of attack where the hacker injects malicious code into a website's SQL database in order to gain access to sensitive information or perform unauthorized actions.

2. Cross-Site Scripting (XSS): This type of attack involves injecting malicious code into a website, which then gets executed by the browser of any user who visits the site.

3. Phishing: This type of attack involves tricking users into providing sensitive information, such as login credentials, through fake websites or emails that appear to be from legitimate sources.

4. Brute force attacks: This type of attack involves attempting to guess a website's login credentials by trying different combinations of username and password.

5. Password cracking: This type of attack involves using specialized software to crack the encryption on a website's password database.

6. Man-in-the-middle (MitM) attacks: This type of attack involves intercepting and modifying the communication between a website and its users in order to steal sensitive information or perform unauthorized actions. How they make money on this type of attack is described in detail later.

7. Malware: This type of attack involves injecting malware into a website in order to redirect visitors to other sites, steal sensitive information, or install malware on visitors' computers.

8. Distributed Denial of Service (DDoS) Attack: This type of attack involves overwhelming a website's server with a large amount of traffic in order to make it unavailable to legitimate users.

9. File Inclusion Vulnerabilities: This type of attack involves exploiting a vulnerability in a website's file inclusion mechanism in order to upload malicious files to the server or execute arbitrary code.

10. Ransomware: This type of attack involves encrypting a website's files and demanding a ransom in order to restore access.

11. Remote Code Execution (RCE): This type of attack involves exploiting a vulnerability in a website's code in order to execute arbitrary code on the server.

12. Denial of Service (DoS) Attack: This type of attack involves overwhelming a website's server with a large amount of traffic in order to make it unavailable to legitimate users.

13. Clickjacking: This type of attack involves tricking users into clicking a link they didn't intend to, such as downloading malware or giving away sensitive information.

14. Domain Name System (DNS) Attack: This type of attack involves redirecting a website's traffic to a different server in order to steal sensitive information or perform unauthorized actions.

15. Command Injection: This type of attack involves injecting malicious code into a website's command line interface in order to gain access to sensitive information or perform unauthorized actions.

How they make money on compromised websites

Commanders of C2 servers can make money through a variety of methods using the techniques of attacks mentioned earlier. Here are a few examples:

1. Ransomware: Commanders of C2 servers can use ransomware to encrypt a website's files and then demand a ransom in order to restore access. This can be a highly profitable method for attackers, as businesses may be willing to pay a large sum to regain access to their files.
   
   
2. Phishing: Commanders of C2 servers can use phishing techniques to trick users into providing sensitive information, such as login credentials or credit card numbers. They can then use this information for financial gain, such as by making unauthorized transactions or selling the information on the black market.
   
   
3. Malware: Commanders of C2 servers can use malware to steal sensitive information from users, such as login credentials or credit card numbers. They can then use this information for financial gain, such as by making unauthorized transactions or selling the information on the black market.
   
   
4. Cryptocurrency Mining: Commanders of C2 servers can use their control of the infected machines to mine cryptocurrency, the process of using computational power of the infected machines to generate new coins, they can make money by doing this.
   
   
5. Selling Access: Commanders of C2 servers can also make money by renting or selling access to their botnets to other attackers. This allows others to launch attacks using the compromised machines, increasing the scale and effectiveness of their own attacks.
   
   
6. Advertising Fraud: Commanders of C2 servers can use the infected machines to generate fake clicks and views for online advertising, generating revenue for themselves or the companies they are affiliated with.
   
   

7. Man-in-the-middle (MitM) attacks are a type of cyber attack where the attacker intercepts and modifies the communication between a website and its users in order to steal sensitive information or perform unauthorized actions. Hackers can make money through a variety of methods using MitM attacks, such as:

   • Phishing: Hackers can use MitM attacks to intercept and modify emails or other communications, tricking users into providing sensitive information, such as login credentials or credit card numbers. They can then use this information for financial gain, such as by making unauthorized transactions or selling the information on the black market.
   • E-commerce fraud: Hackers can use MitM attacks to intercept and modify the communication between a user and an e-commerce website, changing the details of an order, such as the shipping address or the payment method. They can then receive the goods or money without paying for them.
   • Banking fraud: Hackers can use MitM attacks to intercept and modify the communication between a user and their bank, tricking the user into providing sensitive information or stealing their login credentials. They can then use this information to make unauthorized transactions or access the user's account./li>
   • Cryptocurrency theft: Hackers can use MitM attacks to intercept and modify the communication between a user and their cryptocurrency wallet, stealing the user's private keys or tricking them into sending money to a different address.
   • Advertising Fraud: Commanders of C2 servers can use the infected machines to generate fake clicks and views for online advertising, generating revenue for themselves or the companies they are affiliated with.

   It's important to note that MitM attacks can be hard to detect and prevent, as the attacker is able to intercept and modify the communication between the user and the website without the user being aware of it. This makes them a particularly dangerous type of cyber attack. To protect against MitM attacks, it's important to use secure communication protocols, such as HTTPS and SSL/TLS, and to use a virtual private network (VPN) when accessing sensitive information or performing financial transactions online. Additionally, users should be cautious when receiving emails or other communications that ask for sensitive information and should always verify the authenticity of the sender and the communication. It's also important to keep your software and operating system updated to protect against known vulnerabilities that can be exploited by attackers in MitM attacks.

How do they find me?

This is the next question website owners ask when they realize they are under attack. Hackers have programs that look for new domain registrations, check search engine rankings down to the hundredth page of results, and use their bot-nets to attack each domain they find in a web server. These are just the most common methods of finding victims, they have many others.

No website is too large or too small for these cyber-criminals and most of them focus on smaller websites that have minimal security or outdated plugins. The larger they grow their Zombie Armies, the more power they wield to bring any company to it's knees, cost millions in credit card fraud, steal identities, hold you for ransom, or just use your computers' power and connectivity to make them money.