Any sense of security across the Internet continues to deteriorate as attacks are being reported at an alarming rate. In the last few weeks alone, we've seen attacks on the Democratic National Committee; the media company, Penton; and Poland's Defense Ministry. Add to that fears that cyber criminals are now hiding in common content management systems (CMS), quietly seeking valuable assets.
Recently bloggers have been faced with the prospect of breaches coming from trusted CMS platforms. "Vulnerable blogging platforms create a tremendous risk for a business and those visiting its sites. These vulnerabilities are devastating since just a few content management systems hold the vast majority of the market share," Craig Young, computer security researcher at Tripwire, a cybersecurity service company, told Design News.
The sites Young refers to undergird some of the world's most popular web locations. "The top three open-source CMS platforms -- Wordpress, Joomla, and Drupal -- are used by more than 1.5 million sites," said Young. "Administrators of such sites need to apply security updates as they come out without delay or they may find themselves on the receiving end of an automated attack campaign."
Your Data. Get It. Protect It. Practical information on embedding sensors in 3DP, automation & inventory control, big data as a diagnostic tool, cloud storage and security risks, and more in the Industry 4.0: Smart Strategies for Data Collection and Protection track at Automation Technology. Sept. 21-22, 2016 in Minneapolis. Register here for the event, hosted by Design News’ parent company UBM.
Cyber thieves can enter CMS's through popular plugins if those add-ons haven't been recently patched. "Site operators should carefully vet each plugin based on its value and risk before unnecessarily expanding the site's attack surface," Young told us. "It has been speculated that attackers gained access to Mossack Fonseca and its Panama Papers through a WordPress deployment with an unpatched instance of the Revolution Slider plugin or a severely out of date Drupal install."
Attackers Seek Financial Data or Extortion
Trusted sites aren't what they used to be. Attacks have become so sophisticated, virtually every web location is vulnerable to a persistent hacker. "Exploit kits and malware on trusted sites are becoming more common. They're breaching to gain access to customer databases with profiles, email, and passwords," said Young. "They may not care what data you have on your site. They want to use your site to get to other services such as Gmail or Amazon, which may contain financial data."
It's common now for attackers to hide on a site and nab assets bit by bit, over time while remaining undetected. "Generally, they don't want to be discovered for as long as possible. The longer the attack goes undiscovered, the more money for the attackers," said Young.
Not all attackers seek financial data. Some want to grab your files and hold them for ransom. "Sometimes attackers gather data to extort. They encrypt all the files on your system. You need to send them bit coins within a certain length of time if you don't want to lose all of your documents," said Young. "To unlock your files, you have to get the key from them. There's usually a timer. If it's a few hours, it's a few bit coins. If it's a week, it will be 100 bit coins. It keeps escalating."
Watch for Weird Behavior on Your Site
One of the ways to detect an attack is to look for strange behavior on your site. "You can monitor what is changing on your server. If you see files uploaded and you're not making changes, that's a sign that you need to start looking for a breach," said Young. "You can put an agent on the server, and it will notice new files that are unexpected. Alternatively there are services that will periodically look through your website."
One of the maddening aspects of cybersecurity is the difficulty in bringing these criminals to justice. "It's difficult to track them down, since it usually involves multiple national law enforcement agencies," said Young.[image via freepik]
Rob Spiegel has covered automation and control for 15 years, 12 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years he was owner and publisher of the food magazine Chile Pepper.