We often talk to site owners who are surprised that their sites are targeted by attackers. Most of them assume that if there isn’t any juicy data to steal, like credit card numbers, that compromising their site is a worthless exercise. Unfortunately they are wrong. Aside from data, a compromised site’s visitors can be monetized in various malicious ways. The web server can be used to run malicious software and host content and the reputation of the domain name and IP address can be leveraged.
Some interesting stats here. Spoiler alert: I’m not surprised to see “defacing” at no.1, it’s the classic reason to hack a site, but it’s interesting that “SEO spam” is not too far behind. I guess there is money to be made in the black hat SEO world, so I’d expect it to rank top at some point in the future.