WHO IS THIS TALK FOR?
• Currently infected
• Have experienced an infection
• Curious what nefarious things hackers can do with your website
• Weighing the risks and trying to figure out if security is a thing to
worry about
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Sucuri Webinar: Impacts of a website compromise
1.
2. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR
Tony Perez | @perezbox #AskSucuri
TONY PEREZ
@perezbox
Tony Perez | @perezbox
3. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
THANK YOU!
4. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR
Tony Perez | @perezbox #AskSucuri
#AskSucuri
5. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR
Tony Perez | @perezbox #AskSucuri
TONY PEREZ
@perezbox
Tony Perez | @perezbox
6. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
WHO IS THIS TALK FOR?
• Currently infected
• Have experienced an infection
• Curious what nefarious things hackers can do with your website
• Weighing the risks and trying to figure out if security is a thing to
worry about
7. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
What’s the Motivation?
Why do hackers hack?
8. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
9. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
REVENUE
• Make money off your website or
it’s resources
• Earning potential could be based on
stealing information (i.e., data
exfiltration)
• Impression based affiliate
marketing schemes
• Criminal enterprises
10. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
AUDIENCE
• Make money off your audience
• Extremely valuable to attackers
• Ability to take advantage of the trust
you’ve built with your followers /
customers
11. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
RESOURCES
• Make money off your resources
• Abuse of the infrastructure
supporting your website
• Integrated into larger criminal
networks (a.k.a botnets)
12. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
LULZ
• Not about making money (Finally!!)
• Bored, why not?
• If it allows me to access it, why
wouldn’t I?
• Badge of honor amongst peers!
• Likely one of our kids!!!
13. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Things they do!
Understanding the tactics
14. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
15. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Various Attack Types
Malware Distribution Search Engine Poisoning Spam EmailPhishing Lures
Defacement DDoS/Bot Scripts Ransomware
16. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Type Description Motivation Association
Malware Distribution
Drive-by-Downloads
End-points are the target
Revenue
Audience
Search Engine Poisoning (SEP)
Search Engine Result Pages (SERP)
Pharma / Casino / Luxury Goods
Revenue
Audience
Phishing Lures
Email / Social Phishing campaigns
Financial / Credential Theft
Spam Email
Email spam campaigns
Leverage your server / ip / domain
Resource
Audience
Resource
Defacement Hacktivism Lulz
DDoS/Bot Scripts
DDoS
Mailer Scripts
Revenue
Resource
Ransomware
Hold you hostage
How your audience hostage
Revenu
Audience
Data Exfiltration
Steal data from your environment
E-Commerce / PII
Resource
Audience
17. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
THE IMPACTS OF COMPROMISE
Brand Website Blacklisting
Emotional Distress
Economic
Business
Visitor Compromise
Technical
SEO Impacts
18. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Brand Reputation
• Your brand is made up of the unique user experience you offer through
your design, content, product offering and service
• Your website, and the experience your audience has plays a critical part in
the reputation of that brand
• Tolerance is the highest it’s ever been around website compromises, so
reputation is recoverable
• Loss of trust in your brand can drive your audience to look for alternatives
to your brand
Business Impacts EconomicBrand Emotional Distress
19. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Economic Impacts
• Our research has shown a little over 90% drop in traffic immediately
following a compromise, that number goes up if a website gets blacklisted
• Whether your website leverages ads, static content, or sells product, it
directly or indirectly helps your business generate some form of revenue /
exposure
• Costs associated with post-compromise services, to include time / money
spent on tools, education and consultation
Business Impacts EconomicBrand Emotional Distress
20. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Emotional Distress
• Anxiety – nothing ever goes fast enough
• Confusion – unclear what steps to take, who to talk to, where to start
• Anger – you want to reach across the matrix and shake someone
• Sadness – a general feeling of feeling overwhelmed, exhausted..
• Distrust – an erosion of trust in technology, internet, people
Business Impacts EconomicBrand Emotional Distress
21. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Website Blacklisting
• The most impactful in that it has the ability deter people from reaching
your website and it’s content / product / services
• Blacklists extend beyond search engines like Google and Bing, but can be
found in end-point AntiVirus Solutions like Malwarebytes, Norton, EST,
McAfee and so many others.
• This can lead to your website being flagged globally in large networks (i.e.,
cisco, websense, etc… )
Technical Impacts SEOBlacklisting Visitor Compromise
22. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Seo Impact
• The most impactful in that it has the ability deter people from reaching
your website and it’s content / product / services
• Blacklists extend beyond search engines like Google and Bing, but can be
found in end-point AntiVirus Solutions like Malwarebytes, Norton, EST,
McAfee and so many others.
• This can lead to your website being flagged globally in large networks (i.e.,
cisco, websense, etc… )
Technical Impacts SEOBlacklisting Visitor Compromise
23. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Visitor Compromise
• The most impactful in that it has the ability deter people from reaching
your website and it’s content / product / services
• Blacklists extend beyond search engines like Google and Bing, but can be
found in end-point AntiVirus Solutions like Malwarebytes, Norton, EST,
McAfee and so many others.
• This can lead to your website being flagged globally in large networks (i.e.,
cisco, websense, etc… )
Technical Impacts SEOBlacklisting Visitor Compromise
24. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Thinking Website Security
How to improve your website security posture
25. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Security is not a static state,
it’s a continuous process.
26. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
27. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Technology will never replace your
responsibility as a website owner.
28. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
29. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Security is not a Do It Yourself (DIY) project.
30. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
31. Impacts of a WEBSITE COMPROMISEWEBINAR
Tony Perez | @perezbox #AskSucuri
WEBINAR Impacts of a WEBSITE COMPROMISE
Tony Perez | @perezbox #AskSucuri
Q & A
Tweet us @SucuriSecurity using #AskSucuri