Circle 01
Circle 02
Circle 03

Join our mailing list

Subscribe to the TSC newsletter to receive exclusive news and advice
  • 23 November 2022
  • 8 min read

CISO Guide: What are the signs of a hacked website?

Do you know how to tell if your website has been hacked? Today, we run through the warning signs and what you need to do in the case of an incident.
21

Below is a guest article submission from the good folks over at Seirim, a Shanghai-based premier web design agency – who wanted to share some security tips for all professionals responsible for the security of their business and website.

Website data leaks, exploits, viruses and security breaches

The times when hacking incidents were few and far between and only occurred in big companies are long over. In the modern era, even small or medium-sized companies have become lucrative targets for hackers. In fact, it the cost of cybercrime for companies worldwide is set to shoot up from $3 trillion in 2015 to $10.5 trillion by 2025. In commercial zones everywhere including London, Brussels, New York and Shanghai, cyber security has been an important topic of discussion, especially as businesses are integrating much of their functions online.

Unfortunately, modern website managers and companies often discover the problem when it is already too late. To make things clearer, we have put together a list of some tell-tale signs that your website is hacked.

1. Browser alerts/phishing attacks

The company website or the browser you are using may show signals of suspicious activities or warning screens which indicate the presence of a phishing attack. Phishing attacks are social engineering scams where a dishonest actor impersonates a legitimate company or organisation via advertisements, texts, or email messages. They attempt to steal social security numbers, credit card information, personal information, or bank account information. When such a situation occurs, you must first:

  • Immediately report the suspicious activity to your security team
  • Save and shut down the website for public access
  • Use the backup to restore the site
  • Conduct a forensic investigation to find gaps in your security

It is vital employees and organisations are aware of potential phishing attempts as it remains one of the most common types of cyber attacks. In fact, since March 2020 alone, 81% of organisations have encountered a phishing attack in some shape or form.

2. The website gets flagged by Google

Search engines like Google are continuously checking websites that they include in their search results. Google may exclude a website from being included in the search results if they detect any unusual patterns or noteworthy changes.

In specific instances, Google may flag links with a message such as “This site may harm your computer” or “This site may be hacked.”

This makes it necessary for website owners to regularly look at their Google Search console or search for the website. This allows them to find unattractive links before customers, business partners, service providers or suppliers do.

3. Slow site loading time

If a website is taking longer than usual to load, it may be a sign that there is higher activity on the whole server. Often, this occurs when malware uses up all of a server’s resources. So, when encountering such a problem, one should always conduct a detailed check on the server for any malicious activity or harmful software.

A slow website is a major issue that needs to be rectified as soon as possible as data from LoadStorm and eConsultancy reveals that even a 1 second delay in browsing reduces user satisfaction by 16%! If your website is taking 5 seconds or more to load, your website may be compromised in some way. 

4. Emails are sent to spam

Companies may find that the number of respondents to the latest newsletter is uncommonly low. A common reason for this is when the emails are sent to the customer’s spam folder. Hackers can send lists of spam emails using a company's website. When this happens, the email provider can blacklist the website which will cause emails sent from the website to be sent directly to spam. To counteract this, one needs to stay aware of your mailing metrics and regularly clean email lists.

AWeber recommends that every organisation using email lists, should clean them every six months to prevent spammers from maliciously using your company.

5. Site goes offline

Hosting providers are one of the first entities that notice that a site has been hacked. They are usually contacted by customers who alert them of the problem or get detected by the company’s own IT security service monitoring. Unfortunately, they can take a site offline without any prior warning.

A site going down without the knowledge of the owner can destroy both ends of a company’s value chain – the customers and the service providers. Thus, companies should contact their service provider and inform their users as soon as they notice that their site is offline.

6. Strange looking JavaScript

You may notice some strange-looking, cryptic looking or obfuscated JavaScript code in the company’s web page source. It may be used to steal sensitive customer information such as passwords and credit card information. It may also be used to redirect prospective and existing customers to other malicious advertisements, pop-ups, and websites.

A recent study from Northeastern University on JavaScript use in web development analysed over 133,000 websites and found vulnerabilities in more than 37% of them. The study found that third-party modules such as advertising plug-ins, trackers and social media widgets have often been used trojan horses to compromise backend JavaScript.

7. New admin users of FTP accounts

It may so happen that you find new admin users, database users or FTP user accounts. This is a strong sign that the website might be hacked. Hackers tend to leave behind privileged accounts to keep accessing a particular website or server.

8. Recently modified files

Another sign of hacking is when core system files have recently been modified. When this happens, system administrators should compare the files to earlier versions to detect the modifications. Hackers commonly tend to modify these files to insert malicious codes, send spam emails or create back-door entries. Some of the unusual formats you may find include .php, .aspx .py and others.

Website down for maintenance

What to do if your website is hacked?

There a few things you should do if you suspect that your website has been hacked. To make things easier for you, we've made a handy list of steps to take if you have been cyber breached:

  • Notify webmaster/provider: Immediately contact and notify your webmasters, explaining in detail what has happened to speed up the recovery and reset process.
  • Check your login details: Cyber criminals may have gained access to your website via a compromised email/login account. Ensure these are secure and reset passwords if necessary.
  • 2FA (Two-Factor Authentication): If you haven't already, ensure that you have set up 2FA to add an extra layer of security to your account. 
  • Make sure your devices are up to date: Sometimes, cyber criminals find gaps in the security of smart devices that have not been updated regularly, thus leaving vulnerabilities in the software. Make sure to update and patch your devices when prompted.
  • Contact your bank and Action Fraud: Action Fraud, the UK's reporting centre for cyber crime, should be notified as soon as possible. If you've lost money or believe your finances are at risk, tell your bank and then report the crime to Action Fraud. Not only will you record the criminal activity to law enforcement, you will be helping the NCSC to prevent further similar attacks. 

Conclusion

Hacking incidents and data breaches have become common with the expansion of digitization in the modern age. Companies are thus trying to allocate more financial resources towards cyber security. There are cheap and easy-to-use security software solutions that can be used to monitor a website continuously. Alternatively, companies can also partner with companies specialising in cyber security that have all the protocols in place to thwart future attacks.

Thank you to Seirim for this week's guest submission to The Insider, visit them here.

If you would like more informationabout how The Security Company can help deliver security awareness training for your employees or how we can run a behavioural research survey to pinpoint gaps in your security culture, please contact  Jenny Mandley.

Nas
Written by
Nas Ali
Cyber security and awareness content creator focused on emerging threats and the next wave of cyber security risks like AI, deepfakes and tech 4.0 initiatives in order to build towards a more secure organisational culture.
View Profile

See how we can help you protect your organisation today?

Circle 01
Circle 02
Circle 03

Join our mailing list

Subscribe to the TSC newsletter to receive exclusive news and advice