Tag: DDoS Attack (Page 1 of 2)

College_Data_Breaches

Prevent Data Breaches from Hitting Your College Campus

The new school semester has begun and is off to a great start. Your students are engaged, prepared and full of spirit. Ready for their first test, they log in to their online student portal to access the exam. Just as the test is about to begin, the website crashes. Panic ensues among the students, who instantly turn to twitter and email for help.

Here’s what happened: The school did not have proper website security in place and consequently was the target of a cyberattack that shut down its website. Higher education institutions are attractive and lucrative targets to cybercriminals. In 2015, the education sector was among the top three sectors breached, behind healthcare and retail. College campuses store a wealth of confidential student and faculty data, including medical records, financial information and intellectual property for products and prescription drugs. Some of the most common attacks cybercriminals use to breach higher education institutions are hacking, malware and DDoS attacks.

Read More

why would someone hack my website

Why Would Someone Hack My Website?

It is hard to keep track of all the websites that are compromised on a daily basis. Cybercriminals are constantly crawling the web for targets, and they’ll often go after websites you might not expect, such as a vegan cooking blog. So what does a hacker look for in a website? And why would they be tempted to attack your site? Here are some examples so you have an accurate picture of common website attacks.

Read More

DDoS attacks – the gift you can’t return. Why DDoS protection is essential to your eCommerce site.

‘Tis the season of giving and holiday shoppers are crossing items off their gift lists. However, consumers aren’t the only ones feeling generous this season, cyber criminals often love to gift retailers with DDoS attacks. Today, 33% of all cyber attacks in retail come in the form of a DDoS, making it one of the most common digital threats in the industry. DDoS protection isn’t an option anymore, it’s a necessity.

Read More

It’s Never All About That Base: Three Non-Firewall Add-ons You Should Have For Website Security

Viruses used to be the only cybersecurity issue that companies worried about. With cyberthreats increasing in variety, protecting your website is no longer about installing a basic firewall. You also need to consider all the right add-ons in all the right places to develop a multi-layered security plan.

To help you start your own deployment, below are three non-firewall add-ons that you should have in order to develop a comprehensive website security plan.

Read More

DoS vs. DDoS: One on One, or One on Many

security planningPlease read the following post with this notion in mind: DoS doesn’t refer to the classic operating system, nor is DDoS a “Different” version of this system.

DoS and DDoS are two common types of cyber attacks that can block legitimate users from getting access to your website. Both attacks can cause companies to lose millions of dollars in just a few hours. According to Incapsula, the average cost of a successful DDoS attack is $500,000. Although these two attacks look similar and both have unfavorable financial influences, the difference between them is more than just the letter “D.”

DoS Attack

A Denial-of-Service attack (DoS attack) is a type of cyber attack executed from a single server or a home network. It can compromise your website in the following ways:

Read More

Think Your Current Web Security Is Enough? Think Again.

visitorsConsider this scenario: You’re the VP of IT for an insurance company. It’s 4 a.m. and you receive a frantic phone call from your CEO who informs you that sensitive client information (credit card numbers, SSN’s) has been leaked. Completely stunned, you look for answers. Turns out someone injected a line of malicious script into your website source code… nearly two months ago.

A recent report from PandaLabs suggests that “there were twice as many malware infections in 2014 compared to 2013” and that 2015 could be even worse. Today’s attacks are becoming increasingly sophisticated, and a simple malware injection can compromise your entire database.

One of the most effective and efficient ways to prevent attacks is by employing a type of website scanner. Website scan tools run in the background and can immediately identify malware and vulnerabilities but not all scanners are made equally. External malware scanners crawl each page of a site, much like a search engine, and look for malicious links or script, while internal malware scanners download a site’s source code and analyze each line looking for the signatures of malicious code. Finally, penetration testing scanners manipulate URLs and forms to attempt to exploit weaknesses in code.

Benefits:

  • Identify malware and receive notifications  if issues are found, helping keep your information secured and your website from being blacklisted
  • Automatic remediation of known threats (SiteLock® INFINITY)
  • Ensure network security by checking ports on your server to make sure only appropriate visitors gain access to your website
  • Monitor FTP and file change to provide you with full visibility of website changes
  • Protect your database from SQL injections by probing your website for weaknesses

Companies should be cautious when making purchase decisions for a scanning product as poorly performed scans can negatively impact your site’s ability to conduct business.  For instance, some scanners submit thousands of requests to web forms – such as contact forms –  to probe for weaknesses. Similarly, poorly designed vulnerability tests can spam your inbox with testing emails and impact the performance of your website due to unnecessary load (similar to DDoS).

SiteLock INFINITY is a safe and efficient solution that provides well-designed and continuous scanning, including automatic detection and removal. For an added layer of security, the SiteLock TrueShield Web Application Firewall (WAF) prevents malicious traffic from even getting in. Active website scanning tools and a WAF will help mitigate cyber attacks, and more importantly, protect your customer’s valuable data. Let’s avoid that early morning wake-up call at all costs.

 

DDoS: How to Prevent Hackers from Overloading Your Web Server

DDoS AttackWeb security has become one of the hottest topics of the past few years, with cyber attacks originating in many forms. In 2014 alone, we had the Snapchat hack, Heartbleed, Shellshock, SoakSoak and many other attacks (you can learn more about each of them here).

Read More

5 Lessons We Learned from the State of Web Security in 2014

business_identity_theftThe month of January is often a time for reflection. We’ve wrapped up an entire year and look optimistically to the year ahead of us. What we also typically do is look to the past year to see what we can learn. Now that 2015 is upon us, it’s time for reflection. What can we learn when we look at the website security landscape of 2014? Below are five events we think helped change the face of website security.

1. The Snapchat Hack

Snapchat is a popular photo-messaging app, known for letting its users send photos and videos that disappear from existence shortly after the recipient views them. In August 2013, Australian security firm, Gibson Security, contacted the Snapchat team to notify them of a vulnerability in their API that would allow hackers access to user data. Snapchat didn’t respond, and on December 31st 2013, Gibson Security released the source code for the API exploit publicly (a common Google practice)..

Snapchat was hacked immediately after the code was released, and over 4.6 million usernames and phone numbers were exposed as a result.

What did we learn from the Snapchat hack? First and foremost, never ignore web security threats or they will be exploited, resulting in data loss or data exposure. Secondly, it’s important to make sure that all of your APIs contain no loopholes or backdoors into your server. Employ an expert that specializes in API development if you have to.

Lastly, if your business does become victim to a cyber attack, respond appropriately in a transparent manner and take full responsibility – even if the hack wasn’t your intentional doing. Snapchat failed to respond appropriately, and it led to massive backlash from both its users and the press.

2. Heartbleed

Heartbleed was perhaps the most infamous web security exploit of 2014. It alone put 17% (over 500,000) of the Internet’s certified web servers at risk causing mass panic and huge financial damages.

A member of Google’s Security Team, Neel Mehta, discovered the bug in April 2014. He learned that OpenSSL, a popular open-source cryptographic security software, could be exploited by allowing a hacker to easily retrieve private data on a web server, due to a programming bug. It was later named “Heartbleed” by an engineer at cyber security company, Codenomicon.

What did we learn from Heartbleed? Any software or business, including the well-established ones such as OpenSSL (around since before the dot-com era), is susceptible to a cyber attack. Regularly scanning your website for vulnerabilities, backing up private data, and archiving inactive data are all important things your business can do to help prevent and minimize cyber attacks.

3. The Fappening

During summer of 2014, The Fappening was one of the internet’s top trending stories – a massive leak of nearly 500 private (and mostly NSFW) celebrity photos originated on Imgur, Reddit and 4Chan. But, how did hackers get the photos?

According to several sources, the breach didn’t happen all at once – photos were slowly accumulated over a long period of time, using brute-force password cracking techniques to access celebrities’ iCloud (and other cloud computing) accounts. At the time, services such as iCloud were found to have a weak data access policy, giving hackers a backdoor into customers’ private data.

What did we learn from The Fappening? Ensuring that all of your business’s online access points are secure should be one of your top priorities, otherwise you risk exposure of customers’ private data. On the other hand, it’s worth educating your customers on the importance of secure passwords, lest they end up like these folks.

4. Shellshock

Shellshock became a popular security threat back in September of 2014, after being discovered by a few Unix/Linux technology specialists. Alternatively known as “Bashdoor”, Shellshock is a family of security bugs that allows hackers unauthorized access to someone’s computer through a backdoor in the Unix operating system. Once in, computers were used as part of a greater (and more dangerous) effort to create botnets and conduct DDOS attacks.

A patch for Shellshock was released within a matter of days but it was estimated that 1.5 million attacks and probes were executed per day during that time.

What did we learn from Shellshock? It’s important to have a Web Application Firewall (WAF) installed to block malicious traffic, such as “bad” bots and hackers, from attacking your website. Fortunately, SiteLock’s TrueShield WAF blocked Shellshock almost immediately after the threat was discovered.

5. SoakSoak

2014 didn’t exactly go out with a bang – near the end of December, a new strain of malware called SoakSoak was discovered, compromising more than 100,000 WordPress websites. As a result, 10,000+ domains were also blacklisted by Google, making them inaccessible to the public.

How does SoakSoak work? The malware injects malicious code into local WordPress installation files using a vulnerability in the popular RevSlider plugin, to make the victim’s website redirect to an infected URL, soaksoak.ru. Since over 74 million websites are hosted with WordPress, the SoakSoak hack evolved to include multiple strains of malware.

What did we learn from SoakSoak? Keep all of your WordPress installations up to date, and more importantly, always make sure your plugins are updated as well. Thankfully, it’s a relatively easy since the WordPress community is quick to patch issues.

An eventful 2014 taught us…

  • To stay educated about relevant security issues and respond to incidents appropriately
  • That no software or system is invulnerable
  • To secure data egress points as well as ingress
  • A web application firewall is as important as a network firewall
  • Update, update, update

One Out Of Every Two Businesses Victim Of a DDoS Attack

DDoSIf you think that DDoS attacks are just a problem for the big guys, a new study might change your mind. The recently published DDoS Impact Survey found that nearly one in every two companies, regardless of size, were victims of a Distributed Denial of Service attack. The average cost of a DDoS attack ran to around $40,000 for every hour the attack lasted

The authors of the survey spoke to nearly 300 North American companies, ranging in size from 250 employees to more than 10,000. The responses were very troubling:

Read More

Is It Time For Mandated Website Security?

website security tipsWe’re now closing in on nearly one billion websites worldwide, and with another 6 million new domains being registered daily. Yet it’s estimated that less than 3% of those websites are secure. And guess who’s really taking notice of this glaring absence of website security?

It’s nothing new that hackers are constantly changing their tactics. What’s troubling is how quickly they adapt and adjust to whatever security countermeasures they encounter, and how creative and sophisticated their workarounds have become. That’s what happens when a crime becomes a lucrative industry, and when things like website security get overlooked hackers won’t waste a moment exploiting it.

Read More

Page 1 of 2

Powered by WordPress & Theme by Anders Norén