According to Symantec, 66% of targeted cyber-attacks are on SMEs is second only to the USA in terms of the numbers of attacks. With the rise of automated hacking tools, which scan vast swathes of the internet looking for vulnerabilities in servers and sites, the risk of attack is increasing. Symantec saw 317 million new pieces of malware released during 2014 and, according to Sophos, 30,000 websites are infected with them every day, the majority being small business websites.
Whilst the consequences of being hacked vary, the impact can be devastating. Depending upon the nature of the attack, your entire online operations can be closed down; the personal data of customers, partners and employees can be stolen and sold on to third party criminals; business banking data can be exploited and malicious software can be hidden on your system to infect the technology people use to visit your site. All of these, of course, have potentially huge financial implications: loss of business, fraud, lawsuits, compensation, IT fees for fixing the vulnerability – the list goes on. The theft of intellectual property and industrial espionage alone cost UK companies nearly £17 billion in 2011.
Previously, we discussed security and how to protect your WordPress site from hackers. We have also written about how to fix a WordPress site that has been hacked. In this article, we describe hackers more generally and how to protect your business against them. You must be careful with your business: a business that you have built over more than a decade can be ruined in just one day. So stay tuned and read the entire article!
Types of hacks and how they can be protected against
There are various ways hackers can target your business. Below we cover some of the more common attacks and how you can protect against them.
In social engineering, the main vulnerability that hackers exploit is people. Hackers use a variety of techniques to manipulate people into either divulging sensitive information directly or installing malicious software on their PC.
Common examples of social engineering include:
One of the most common and well-known tactics, where scam emails contain links which, when clicked, either install malware or take the victim to a specially crafted website that is then used to extract information such as usernames and passwords.
This is where infected devices, like USB drives, are left in offices in the hope that someone will plug one in to see what’s on it. Software on the drive can be configured either to auto-run or to trick the staff member into executing a file, thus infecting the target machine.
This is where an attacker will impersonate somebody in an attempt to trick the staff member into divulging sensitive information. For example, an attacker may call pretending to be a manager requesting a password reset. Often an elaborate back story will be provided, and the call will often involve ‘sweet talking’ or ‘bullying’ the victim into bypassing security procedures.
How to protect your business from social engineering attacks.
The solution to preventing attacks by social engineering is to have watertight procedures and well-trained staff:
1. Educate Yourself.
Keep yourself up to date on the latest developments in cyber-crime and the types of attacks that are perpetrated. Hackers are constantly evolving and developing new techniques, so it is important you keep on top of the latest developments.
2. Have a security policy in place.
Have a written security policy and make sure all staff understand it; many organizations now require employees to sign a security policy. Procedures need to be kept up-to-date to deal with the changing face of cyber-attacks and should follow the guidelines laid down in the Data Protection Act.
All new and temporary staff should be given induction training and existing staff need refresher courses when new procedures need to be followed.
3. Promote awareness.
Make sure staff are made aware of any new techniques hackers are using and how they can identify and protect against them. Have procedures in place for staff to report any suspicious activity. Hackers may make multiple attempts until they find a member of staff they can manipulate into giving them what they want; by encouraging staff to report suspicious activity, you can take preventative action.
4. Don’t be afraid to challenge somebody.
Whether it is an onsite visitor or a caller, staff should never be afraid to challenge somebody’s identity. One common technique is for the hacker to put pressure on the target through a false sense of urgency, perceived seniority or just plain persistence. It is important that staff stick to procedure and don’t succumb to these pressures.
5. Lead by example.
As a manager, it can be tempting to have the staff break procedure when it’s you that requires information. Doing so leads to complacency, which can negate any prior training that has been given to staff.
Server vulnerabilities are weaknesses in the operating system and/or software installed on the server, resulting from a poor security policy, a software misconfiguration or a bug.
Successful attacks against a vulnerable server are often disastrous for the target as the end result is nearly always full unrestricted access to the server for the attacker.
Common attacks of this type include:
1. Brute force attacks.
These target services that require username and password authentication; SSH on Linux and RDP on Windows servers are common targets.
These types of attacks tend to be automated and have become more sophisticated over time. As more and more password data has become available to hackers through previous successful hacks, patterns have emerged in how humans select passwords, and these patterns have been exploited to greatly increase the success rates of brute force hacks.
2. Software Exploits.
Modern software is extremely complex and often contains millions of lines of code. As a result there are bugs in most software, some of which can be exploited to allow hackers to gain access to a server.
It is a never-ending race between hackers and software developers to locate these bugs: the developers want to patch vulnerabilities before they can be exploited, while the hackers of course want to find them first and exploit them for as long as possible until they are patched.
One recent example of this was the Heartbleed bug, which potentially allowed hackers to exploit weaknesses in website encryption to obtain login information. There was a significant period between the bug being found and a patch being released, so mitigation was a priority.
How to protect against server vulnerabilities
Having a thorough security policy in place is key to keeping your server secure. Below are some of the ways you can achieve this:
1. Put in place a firewall policy.
Many attacks can be avoided altogether by simply ensuring vulnerable services are not accessible in the first place. Using a firewall, access to ports can be restricted so they are only available from trusted locations (for example your company offices); hackers can’t target a service they can’t see online.
Only ports that absolutely must be publicly available to deliver your services should be unrestricted. For example, in the case of a server that is used only to deliver a website, this would consist of just the HTTP (80) and HTTPS (443) ports; all other ports should be either locked down completely or only accessible from trusted IP addresses.
2. Enable Intrusion prevention systems (IDS/IPS).
Intrusion prevention systems monitor network traffic or service logs for suspicious activity and stop any attempted intrusion. If a hacker is bombarding your site with thousands of attempts to log in, these systems can quickly find out the source of the attack and block the IP address of the attacker.
3. Have a patching and update policy in place.
It is good practice to have an update and patching policy. Software updates and patches are not only issued by developers to fix bugs but also to address security vulnerabilities which have recently come to light, so it’s important they are kept up-to-date.
4. Ensure you have a password policy in place.
A good password policy is also important for increasing security. Ensuring everyone has strong passwords which are changed on a regular basis and kept secret is standard practice for most organizations these days. It’s an easy but effective way to reduce the chances of being hacked. Both Plesk and cPanel have controls built in that can be used to enforce minimum password strengths.
5. Be careful when installing new server software.
With modern package managers such as YUM and APT, installing software is often a very easy task. However, configuring software securely for a production environment can be far more complex, and it can be easy to leave software open to exploitation, for example by forgetting to change a default password.
By doing the above, the majority of attacks can be either avoided altogether or greatly mitigated. If you want the very best in protection, then invest in a hardware-based firewall such as our own Fortigate security appliance, which unifies firewall services, IDS/IPS, malware protection, application firewall and DDoS protection into a single device that can protect multiple servers.
Application & Website Vulnerabilities
Unfortunately, it’s not just your server which is vulnerable to attack; sometimes it’s the applications that you run on it. This is especially the case with common platforms used to build websites, like WordPress and Magento. According to Alexa, 70% of the world’s top ranking WordPress sites are vulnerable to attack, and there are three main attack vectors that hackers exploit to gain access: poorly configured servers; weak usernames and passwords for the admin panel or FTP account; and software vulnerabilities, such as using older versions of the platform or plugins.
1. Cross-site scripting.
Here, the hacker inserts malicious code onto a link on your website so that, when one of your visitors clicks on the link, malware infects their computer and allows information to be stolen.
As the attacker is targeting your visitors, this can have a disastrous effect on your reputation and will often result in your site being blacklisted and blocked by search engines.
2. SQL injection.
Here, a hacker finds a form that needs to be filled in on your website, such as a newsletter subscription form, but instead of typing in a name and email address, they type in SQL code that gives them access to your database. From here they can potentially download all the information stored in your database, including the personal details of customers.
3. Man in the middle.
In a man in the middle attack, the hacker intercepts communication between your website and the visitor. One example of how this works is when malware is sent from your website to the visitor’s browser. Once installed, the visitor is then redirected to a different site that looks just like yours. Any information they then provide is given, unwittingly, to the hacker.
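The SQL injection described in item 2 above comes down to how the application builds its query from form input. The following added example, which is not code from the original article, shows a lookup behind a newsletter form written the unsafe way and the safe way; the table, the function names and the sample data are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample subscribers."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO subscribers VALUES (?, ?)",
        [("Alice", "alice@example.com"), ("Bob", "bob@example.com")],
    )
    return db

def lookup_vulnerable(db, email):
    # BAD: the form input is pasted into the SQL text, so a quote character
    # in the input ends the string literal and the rest is parsed as SQL.
    query = "SELECT name, email FROM subscribers WHERE email = '" + email + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, email):
    # GOOD: the ? placeholder passes the input to the database as a value;
    # it is compared against the column and never interpreted as SQL.
    query = "SELECT name, email FROM subscribers WHERE email = ?"
    return db.execute(query, (email,)).fetchall()

# Constructed form input of the kind the paragraph describes.
FORM_INPUT = "nobody@example.com' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup returned", len(lookup_vulnerable(db, FORM_INPUT)), "rows")
    print("safe lookup returned", len(lookup_safe(db, FORM_INPUT)), "rows")
```

The unsafe version returns every subscriber for this input, while the parameterized version returns nothing because no subscriber has that literal string as an email address.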
How to protect against application vulnerabilities
Failure to protect vulnerable applications from being exploited can have seriously damaging consequences and so preventing an attack should be a priority. To do this there are a number of things you need to do.
1. Keep your application up to date.
Firstly, you should keep your application and any associated plugins up-to-date. If you are a WordPress user and you have a control panel that uses Plesk 12 or higher, this is made easier through the inbuilt WordPress hardening and update tools. These allow you to security check every plugin and software update so that vulnerabilities are quickly spotted.
Most applications, such as Magento and WordPress, now come with version checking tools. However, these tend to require running manually, so check often for updates.
2. Follow best practice guidelines.
Most applications include best practice guidelines for security. Read these carefully and apply any recommendations.
3. Sign up for the developer’s mailing list or Forum.
Most application developer sites have security-related mailing lists or forums. Sign up to these and act upon any recommendations.
When vulnerabilities are found, it can take time before a patch is released. Often developers will provide information via their mailing list or forum detailing how to mitigate the issue in the meantime.
4. Enable Intrusion prevention systems (IDS/IPS).
Both Plesk and cPanel come with intrusion prevention systems that can be configured for certain applications. For example, fail2ban, which is built into Plesk, has predefined rulesets for WordPress which can be enabled.
5. Enable an application firewall.
Application firewalls work by using a predefined ruleset to sanitise or block HTTP requests that do not conform to the rules. For example, if a request includes an SQL query which should not be part of an HTTP request (SQL injection), the firewall will block the request before it is executed by your application.
The most widely known application firewall is mod_security, which is now built into Plesk and cPanel on our Linux servers and comes with a number of custom rulesets that can be enabled.
When properly configured an application firewall can be extremely effective at blocking cross-site scripting and SQL injection attacks.
6. Enable site wide SSL
Encryption is another layer of security that will prevent hackers from accessing important data. By enabling site-wide SSL (Secure Sockets Layer), you can easily establish an encrypted link between a server and a client. This will help keep personal data, credit card information and passwords safe during transmission, thus preventing man in the middle attacks.
It should be noted that Google now provides a ranking boost for sites using site-wide SSL, so this is another reason to enable it.
7. Use a vulnerability scanner.
A vulnerability scanner, such as our own MTv scan, will undertake a deep scan of your website for known vulnerabilities, malware and intrusions, as well as check your website’s reputation and see whether your website and email addresses have been blacklisted. As a result, this prevents infection and helps resolve issues with your website’s authority across the internet.
The final thing you should do is to regularly back up your files. Should the worst ever happen and you find your site has been hacked, the files on your server may be infected or even deleted. If you have your files backed up it means that restoring your website can be an easy thing to do. If you don’t, you may have to rebuild the website from scratch: programs, content and database.
Security is not a simple thing, but the above simple steps can take your site from being in trouble to running rock solid for years to come. If you have any inquiries or comments, please just let us know.
We hope the article above is helpful for you. Please share it if you like this tutorial, as doing so also helps many other people.