In our third episode of How Do Hackers Do Things, GraVoc Security Consultant, Josh Jenkins, shows you how hackers can make a copy of a website and clone it for their own malicious purposes. During this video, Josh will show you how hackers are cloning websites using HTTrack, a freely available tool on the Internet that allows anyone to make a perfect or near perfect copy of your website. This type of activity could allow a malicious actor to copy your website and leverage that copy in a phishing campaign.
For this example, Josh demonstrates how hackers can clone any website by using two freely available downloads for the Kali Linux distribution. The first tool is HTTrack, which will allow Josh to clone a website and the second is simple python HTTP server, which will allow Josh to present that website on an DigitalOcean instance. Watch in the video above how Josh uses a combination of these tools to make a copy of the website example.com.
What does all this mean?
A malicious hacker could potentially clone and steal your website and lend creditability to any number of campaigns whether thats phishing, harvesting credentials, or any other malicious activity that is targeted at your company. There are many ways to prevent hackers from cloning your website such as monitoring and knowing what your vulnerability exposure level looks like. If your business is looking to prevent and mitigate these types of attacks, check out our Information Security Services below:
How Do Hackers Do Things Series
If you enjoyed this video, make sure to check out our other How Do Hackers Do things videos for more great security videos and tips! How Do Hackers Do Things focuses on different methods of hacking that cybercriminals use to exploit their victims. Our goal is bring awareness to the vulnerabilities and hacking methods that surround our everyday lives!
In this blog post, we provide five cybersecurity awareness tips for employees to help them practice better cyber hygiene and defend sensitive data.
Click here to access KnowBe4’s FREE Resource Kit containing resources to share with employees throughout Cybersecurity Awareness Month!
We explore the top 3 red flags of phishing that businesses & employees should be aware of in order to recognize & mitigate a threat.