
When You Become the Enemy

on May 17, 2012

Malware is distributed in a number of ways. Many web attackers focus their efforts on attracting potential victims to malicious sites and, to prevent this from happening, a lot of organizations restrict employee access to reputable sites only. Hackers, however, are aware of this practice and counter it by hacking legitimate sites and turning them into drive-by-download platforms, and thus into a channel for distributing malware.

Recently, Websense discovered that Amnesty International’s official site had been compromised and was distributing malware. This was not a one-off; only a few months ago, a very popular server on the official site of MySQL was hacked and used to distribute malware for a short period of time.

So what can you do?

Organizations that allow employees to browse the web must have security mechanisms that can detect when a malware attack has occurred. Simply telling users to stay away from disreputable sites is not enough to protect your network. There are various tools an administrator can use, ranging from reputation services that are periodically updated to virus scanners and other technologies that detect this variety of malicious attack.

What can you do if you’re the compromised web host?

What this story teaches us is that we all can inadvertently end up distributing malware. A simple hack can turn your trusted and reputable site into the malware distribution mechanism everyone is trying to stay away from. There is no telling what damage this could do to your company’s reputation.

The first thing you must do is make sure that an attacker does not have an easy time compromising your website. Pre-emptive measures include updating all your software and ensuring your servers are properly and securely configured. This is not a one-off job and you need to carry out frequent audits on your web server to identify missing patches and vulnerabilities that could be exploited.

If you’re unlucky and your website is defaced or hackers install malicious drive-by downloads on your web server, you don’t want to be alerted by someone in the media. An effective way to stay on top of the game in this situation is to make sure that the files on your web server have not been compromised. You can do this using a simple script that downloads all the files on your web server and compares them to a safe local copy. If unauthorized changes have been made to the files, you are immediately notified. Automating this process will give you peace of mind that, should the worst happen, you can take corrective action in a very short time.

Internet usage in an organization can open the door to some nasty stuff. Taking a proactive approach as I’ve outlined above can help you go a long way towards mitigating the danger.


Comments
Ryan Hemke, May 17, 2012, 9:38 pm

It’s also important to remember that the way you express this information to the public is equally important. More damaging than the files being distributed to users through a malicious attack is the damage your reputation and brand can face if you can’t face the press and tell them why it happened, how fast the response was, and why it won’t happen again.

Ian Davis, May 18, 2012, 2:45 pm

I agree with Ryan that the way you handle this in PR terms is also very important. Many security breaches go unreported, unless hackers themselves brag about them, because many companies will not admit for dear life that they have been hacked. Probably they are afraid that when they admit it, this will make them look incompetent, but everybody who has even a vague idea of security knows that no matter how good you are, you can never be sure you are 100 per cent hacker-proof.

Emmanuel Carabott, May 18, 2012, 3:29 pm

It’s a bit hard to take sides on this to be honest. True, people who are security minded are likely to understand that a breach cannot be 100% prevented by anyone.

Problem is you’re very likely to have customers that aren’t security minded and all they will see is that if they give you their details they might end up with their details compromised because if a hacker could do it once, they can likely do it again.

Of course on the other hand it will look worse if it becomes apparent that you’re trying to hide it or if it is obvious you’re trying to downplay the situation.

Dante Soriano, May 28, 2012, 4:07 pm

No one would want to be “unreputable”, especially if you’re a big company with a respected brand.

IT administrators are brand keepers, as well. They should be in constant watch if any of the company email users, or the company website has been compromised. Being a marketing manager, I know the perils of doing “damage control.” Prevention is still the key. That’s why I also keep a close watch over not just with how our site looks and what it says but also if in any way, it can be hacked and be made an instrument of malicious attacks.

But, so often, the crisis managers are the ones who get the hero’s prize, not those who prevented a crisis in the first place. Oh, well.