Firstly, my thoughts go out to everyone in Ukraine and to anyone that has friends and family there. I hope they are managing to keep safe.<\/p>\n\n\n\n
Given that in the 20th<\/sup> Century we experienced 2 world wars, numerous regional conflicts that were proxies for, and could have escalated into, global conflicts, as well as countless civil wars and border disputes, to see a European country brazenly invade a neighbour based on patently untrue reasons is shocking. I sincerely hope the Russians come to their senses and cease this invasion ASAP.<\/p>\n\n\n\n In the run up to this invasion, several web commentators suggested that there would be an increase in cyber-attacks that occurred in parallel with the invasion on the ground. Based on the activity logs of several websites I have created and or manage; this seems to have commenced already.<\/p>\n\n\n\n I have identified concerted and extensive efforts to access websites that are noticeably different to the everyday attempts to login using a likely administrator username. You will understand if I don\u2019t give any more details than this.<\/p>\n\n\n\n However, as the most widely used website development platform (by a considerable margin), it is not surprising if WordPress gets more attention.<\/p>\n\n\n\n Sadly not. Whilst WordPress accounts for the vast majority of websites developed using a Content Management System (and therefore attracts more attention from cyber-attackers), ANY website that has an \u2018admin\u2019 login of some sort is likely to come under attack.<\/p>\n\n\n\n No. State organised cyber-attacks, should they occur, will focus upon major institutions such as banks, utilities, transport networks, government, and the military. Unless you work in one of these organisations \/ sectors then state organised cyber attacks are unlikely to impact you.<\/p>\n\n\n\n However, Russia has, as Wired Magazine<\/a> puts it \u201cAn expansive web on nonstate actors, from cybercriminals to front organisation to patriotic hackers that it can and has leveraged to its advantage<\/em>\u201d. Moscow has habitually turned a blind eye to their activities so long as their focus has been outside of Russia. Their activities might not be directed specifically at your business or organisation but as the WannaCry<\/a> malware cryptoworm outbreak in 2017 proved, collateral damage can spread far and wide. As a result of WannaCry, the NHS saw tens of thousands of computers infected, equipment such as MRI scanners out of action and postponed non urgent treatment for some patients. It is unlikely that the NHS was a primary target for this malware but once it got into their systems, it spread rapidly and with devastating impact. <\/p>\n\n\n\n The cyber-attackers have numerous possible reasons for trying to access your site. <\/p>\n\n\n\n The first thing they will probably do if they gain access to your site, is change your password thus freezing you out. Other Administrators (if they exist) will be deleted to give them free rein to do whatever they like.<\/p>\n\n\n\n Your content may either be removed or amended to suit their objectives.<\/p>\n\n\n\n If you take payments for goods and services via your website, then most probably the beneficiary account will be switched so they take any future funds.<\/p>\n\n\n\n If you have a full eCommerce store on your site, you may find that your products are removed and replaced with goods that are under control of the cyber-attacker.<\/p>\n\n\n\n They use a range of different methods.<\/p>\n\n\n\n A few simple precautions will go a long way to helping to maintain the security of your site.<\/p>\n\n\n\n Whilst you may believe that your website has little intrinsic value to a cyber-attacker, they may see it very differently. Your website is a platform for them to conduct a whole series of malicious and criminal activities IF they can access and take control of it.<\/p>\n\n\n\n Be vigilant to what is going on with your website. Even if you have no proof, assume your website is (or will be) under attack and act accordingly.<\/p>\n\n\n\n A few relatively simple steps can help to secure your website and give you peace of mind. Far better you act now to secure your site than spending hours (possibly days) trying to recover control, remove unwanted content, restoring the site and rebuilding your reputation.<\/p>\n\n\n\nWordPress sites are particularly at risk<\/h2>\n\n\n\n
I use Wix, Squarespace, Ionos, am I OK then?<\/h2>\n\n\n\n
Am I under attack from the KGB?<\/h2>\n\n\n\n
Why do the attackers want to break into my website?<\/h2>\n\n\n\n
What might a cyber-attacker do?<\/h2>\n\n\n\n
How do cyber-attackers break into websites?<\/h2>\n\n\n\n
How can I protect myself \/ my website?<\/h2>\n\n\n\n
If you use another Content Management System (Drupal, Joomla etc), search for Security Extensions that will serve the same purpose.<\/li>Summary<\/h2>\n\n\n\n