
The RNC Data Breach: Pitfalls of Neglecting Web Security Best Practices

In a recent security report, researchers revealed an unsecured archive of US voter data collected by Deep Root Analytics, a data firm connected to the Republican National Convention (RNC). The exposed data — which included full names, addresses, and phone numbers of 198 million registered voters — was uncovered by a security researcher in an internet-accessible database with no password protection or any other security measures. The database has been secured at the time of this writing, but it remains unclear how long this data was exposed to the internet.

It may be easy to assume exposures of this nature are an inevitability. After all, a data analytics firm associated with a major political party sounds like a clear target for bad actors. However, the data was discovered by a researcher performing unrelated searches through Amazon’s S3 infrastructure for any unprotected data, not targeted attacks against Deep Root Analytics or even voter data in particular. This fact underscores a critical necessity of the Internet: prioritize the security of your data at all stages of its life cycle. Your data needs to be secure where it’s stored, during network transit, and when it’s in the hands of third parties. This data leak in particular was the result of the RNC failing to properly ensure the security of their data in the hands of a third party contractor.

In this era of automated site crawlers and widely published application vulnerabilities, it’s important to remember that any website on the internet is a viable target for attackers. Ensuring proper security practices should be a vital step in the development of any website or application, no matter the size. If you must share data with third party contractors, confirm that their practices meet or exceed your security standard. If you’re working exclusively within your own organization, it’s still important to cover your bases during the development process.

Web Security Best Practices

Here are a few things to keep in mind:

  • Password-protect any data you don’t want the public to access.
  • If you’re using a third party application, like WordPress or Magento, it’s important to keep these applications up to date at all times. Outdated web applications commonly include widely-known vulnerabilities that can be used to launch attacks on your site.
  • If your site is custom-coded, ensure that you (or your developers) are implementing adequate input filtering to prevent common attacks, like SQL Injection and Cross-Site Scripting.
  • Make sure your employees are prepared for “human attacks,” like phishing and social engineering.

Outside the scope of your company’s internal security policies, additional security measures are a great added line of defense. A large portion of website compromises are delivered by malicious bots, many of which can be turned away by web application firewalls. Additionally, malware detection by SiteLock® SMART™ is an invaluable way to identify cases when breaches do take place, allowing your team to take defensive action much more quickly than you could with only manual detection. Unfortunately, in many cases, website owners are unaware they’ve been hacked until their site is defaced, suspended, or blacklisted.

Regardless of the size of your organization, keeping a proactive security protocol in place is essential to your ongoing success. Don’t do the bad guys any favors by leaving the door unlocked, no matter how unlikely you think it is that they’ll find it.


New Government Website Highlights Small Business Cybersecurity Risks

The US Federal Trade Commission (FTC) recently launched a new website aimed at educating small business owners on the risks of cybercrime and the steps they can take to protect their business.

“Small businesses are critical to our economic strength, building America’s future, and helping the United States compete in today’s global marketplace,” said FTC Acting Chairman Maureen Ohlhausen. “This innovative new website is a one-stop shop where small businesses can find information to protect themselves from scammers and hackers, as well as resources they can use if they are hit with a cyberattack.”



Trending “Fireball” Adware Raises Botnet Concerns

Earlier this week, security researchers reported on a trending adware infection known as Fireball. Sourced to the Chinese marketing firm Rafotech, reports indicate a footprint of more than 250 million infected machines worldwide. While the infection currently appears to only make changes to victims’ browser homepages and search engines, analysis suggests that the software could be remotely leveraged to act as a malware dropper. A malware dropper is a program that can be used to remotely install malicious software onto a victim’s computer or network. This can be performed after any amount of time following the installation of the dropper itself.

If true, it’s possible that infected systems could be made part of a botnet and used to carry out new types of attack over the Internet.

The Fireball adware is being distributed via freeware software installers through a method known as bundling. You’re likely to have seen bundling yourself at some point. Legitimate software developers use bundling as a way to monetize the release of otherwise free software. When you download and install such a program to your computer, you may notice that you’re being asked to install additional, unrelated software, like toolbars or free trials of a different company’s programs. While annoying, most cases of bundling are simply a way for developers to make money while releasing a free product. However, this can also be used to deliver PUA (Potentially Unwanted Applications), like adware, software that can track your behavior online and serve advertisements based on this data.

Because of this, it’s important to remain mindful of the sources of programs you install. Cracked versions of paid products frequently include malicious files that can be used to infect your systems. For website owners, this also applies to pirated versions of software that you might want to install on your website, like premium WordPress plugins and themes. Even if the pirated files are free of malware, they do not typically receive security patches from the original developers, or they could be configured to download a malicious component at a later time. This can open your website to a myriad of vulnerabilities that can be exploited by attackers to cause further damage to your online reputation.

Another point to consider, in the wake of Fireball’s massive online footprint, is the potential for damage caused by a botnet of this size. Malicious tasks that would be practically impossible for a single machine to perform (bulk hash cracking, login bruteforcing, denial of service attacks, etc.) become trivial when an attacker can utilize a quarter billion machines simultaneously to accomplish their goals. The potential for mobilization on this scale means it’s as important as ever to ensure tight security on all of your systems.

Strong passwords are a good start. Changing passwords regularly is another important step, given the frequency of major data leaks across the internet. By changing your credentials, you render a previously leaked password useless.

Protecting your website from bot traffic is a critical step in preventing malicious activity on your site. SiteLock TrueShield, a web application firewall, provides effective traffic filtering that can drastically limit the impact of these attacks. Contact a SiteLock Website Security Consultant at 855.378.6200 to find the right security package for your business. We are available 24/7/365 to help.

The Ballooning Cost of Cybercrime

The legal industry finds itself in the upper echelons of companies when it comes to the fiscal impact of a cybercrime. However, many are ignoring this risk. According to the American Bar Association’s (ABA) 2015 Legal Technology Survey, about half of firms said they had no response plan in place to address a cybersecurity breach.

Furthermore, Cybersecurity Ventures predicts the costs associated with a cyberattack could balloon to $6 trillion globally by 2021. To put that in perspective, if cybercrime were a country, the number would represent the fourth highest Gross Domestic Product (GDP) in the world.

To better understand the costs associated with cybercrime it is helpful to group the expenses in two buckets, direct and indirect.


SiteLock Unlocked: A Day in the Life of a Website Security Research Analyst

Welcome to SiteLock Unlocked, our new blog series that provides exclusive one-on-one interviews with the awesome team members here at SiteLock. Through this series, you’ll get an inside look at the more personal side of SiteLock. We’ll interview different SiteLock members from various departments to highlight how their dedicated efforts contribute to your website security.

To kick-start our series, we sat down with a member of the SiteLock Research team to showcase what a day in the life as a SiteLock Website Security Research Analyst looks like.



A Business Case for Website Security

Every business understands their website is a vital building block to establishing an online market presence. However, when it comes to website security, few understand the need or simply feel their company is not at risk.

To make a business case for web security, one must define the target, detail the impact of a hack, outline the mitigation cost and examine any additional benefits of proactive website security. This article will examine those areas to help assist in making a business case for cybersecurity.



Why Website Reinfections Happen

We all know someone who’s been in a difficult position following a security breach. They are rushing to assess the damage, while simultaneously repairing website functionality to limit the compromise. It’s a stressful situation, especially if you’ve had to deal with a compromise more than once. Unfortunately for some website owners this is a reality — shortly after the initial security breach, the website becomes compromised again. It leaves the website owner asking why their website is being targeted and how the website re-infection is happening.

The short answer is that it’s most likely due to unresolved vulnerabilities. While it may seem like you’ve been singled out and targeted by some menacing hackers, most of the time that isn’t the case. The majority of website compromises are preceded by automated campaigns that locate websites vulnerable to a particular exploit the hacker wishes to employ. The bottom line is that you aren’t the target the hacker is singling out; the software on your website is. There are a couple of main culprits for this scenario.



What is a Website Vulnerability and How Can it be Exploited?

Websites experience 22 attacks per day on average — that’s over 8,000 attacks per year, according to SiteLock data. A website vulnerability is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly the hosting server. Most vulnerabilities are exploited through automated means, such as vulnerability scanners and botnets. Cybercriminals write specialized tools that scour the internet for certain platforms, like WordPress or Joomla, looking for common and publicized vulnerabilities. Once found, these vulnerabilities are then exploited to steal data, distribute malicious content, or inject defacement and spam content into the vulnerable site.



How SiteLock Works With Your Hosting Provider [Video]

At SiteLock, we partner with the largest hosting providers around the world to secure more than 6 million websites. In speaking with all of our customers, we often get asked, “What is the difference between the security provided by my host vs. the security provided by SiteLock?”

It’s important to understand that your website isn’t entirely protected by your hosting provider, and despite being hosted in a secure server environment, your website is still at risk of cyberthreats without the proper website security.



SiteLock TrueShield Updates on May 1st, 2017

SiteLock is expanding the network behind our web application firewall, TrueShield, and our content delivery network, TrueSpeed. To accommodate our growing customer base, we’re adding over 130,000 new unique IP addresses on May 1st, 2017. This will require some customers to make changes to their firewall or web server configuration to ensure our new servers are compatible with your website’s hosting server. If these changes are not made by May 1st, 2017, your site visitors may be restricted from accessing your website.
