The recent news that a large number of websites were defaced within Australia and New Zealand points to a more serious issue for every organisation that has a web presence – from a simple website providing information through to a sophisticated e-commerce site.
Websites are an easy target for hackers or anyone that wishes to partake in malicious cyber activity - remembering a website is accessible from anywhere in the world 24 x 7. Many organisations are actually oblivious to the fact that their websites have been compromised.
How do I know if our website has been compromised?
Common symptoms to look out for:
- Your website pages are taking longer to open.
- Visually you can notice unexpected new or modified content on the site.
- Traffic to your website abnormally increases.
- Google search results for your website contains a warning.
- Your website folder contains unfamiliar new or recently modified files.
- Your website brings pop-up windows or redirects to unknown sites.
If our website is compromised what is the immediate major risk to my business?
A major risk to consider if your website is compromised is brand and reputational damage leading to loss of customers. As a business exposed for security flaws, it’s very easy to lose customer confidence.
Aside from the immediate major risk, are there any other risks?
There are plenty of potential risks associated with your website being defaced. Starting with your site being listed on a public defacement website for all the hackers in the world to see.
This type of incident creates a number of other possible scenarios - for example – the intruder may have taken your customer login/password or other confidential information which can be on sold or reused. If you host your own website then the intruder may have readily obtained easy access to other connected internal systems or they could have installed some malware on your website which may subsequently “infect” visitors to your website.
What can I do in response to this type of incident?
As a result of a website defacement incident one organisation opted to perform a comprehensive digital forensic investigation of their webservers. A qualified security consultant was engaged to perform an initial comprehensive analysis of the system. This step found several concerning items of interest and pointed towards the fact that some other unauthorised activities had occurred on the webserver. This organisation increasingly is conducting business online so it had no hesitation in undertaking a full digital forensic investigation to identify factual evidence of events on that webserver and thereafter adopted measures to minimise any further intrusions or defacements.
Are there some simple housekeeping steps I can take to help protect our webservers?
- Register and monitor visitors and changes to your website with help of Google webmaster tools.
- Conduct malware scan for your website at virustotal.com.
- Conduct regular scanning on your webserver and take time to review the reporting detail.
- Regularly identify any issues with your site by performing a vulnerability assessment for your website or web server.
- Your System Administrator must know how (or be trained) to spot unusual files on the webserver
- Quarantine any files that look unusual
- Contact a security expert if in doubt
A basic website defacement on its own may turn out to be a lucky escape but it presents an opportunity to improve the security of your online presence. When detected and dealt with in a professional way one can turn a potentially embarrassing situation into a positive outcome.
Contact us if you would like to discuss how Kaon Security can help you keep your website and associated systems secure.