There’s a growing trend for hackers to spread their malware by infecting websites that rank well in the search engines for certain keywords, and using those SEO keywords to get lots of visitors who will then become victims of ‘drive by downloads’.
If you want to protect your website from those hackers, then you will need to be proactive with your security. Many websites are breached not because a hacker specifically targeted them, but simply because they were vulnerable – the hackers get a list of websites that rank well for given keywords, then use software to see if those websites are vulnerable to generalised attacks. If they find a site that is vulnerable, then they’ll ‘break in’ and infect it with their malware.
WordPress and Magento are two of the most popular platforms for business websites – they are used for blogs and content sites, and for online stores. Because they are so popular, they get a lot of attention from malicious developers and users, who know that if they can find a security hole they can exploit it for financial gain – or just for fun. WordPress, in particular, is quite an ‘open’ platform in that anyone can just develop plug-ins and themes for it and distribute them without them having to undergo extensive checks. This means that there are a lot of plug-ins out there that are not well written, and that are riddled with potential holes for hackers to exploit.
If you run WordPress, Magento – or any other online content management system or store platform for that matter – then you should look at ways of securing it. For WordPress, that means installing plug-ins to block repeated failed login attempts, renaming the admin account, keeping both the main WordPress installation and its plug-ins up to date, and removing any plug-ins and themes that you are not using. You should also delete the installation directory once you are satisfied that the installation was successful.
The same goes for Magento. It’s important that you remove the installation directory, change the admin path, and rename all the users to something hard to guess. Keep the platform itself patched up to date, and keep all your extensions patched as well. This will go a long way towards ensuring that the platform runs well and is secure.
If your site does get hacked, the first that you know of it might be when a malware warning pops up when you visit the site, or when you see a warning against it in the search engines. If that happens, your first priority should be removing the malware, then fixing the exploit that caused it. Once your site is clean – and not likely to be immediately re-infected – then you can look at telling the search engines that it’s fixed and asking them to remove the warnings against your site.
Removing malware is an involved process that takes some technical knowledge – and in some cases the vulnerability is something that only the web host can fix, not an end user. So, for this reason, it’s a good idea to hire a web developer to look at your site for you – or a security expert. It can be quite expensive to fix these issues, so try to prevent them from happening in the first place! Following best practices from day one is much easier than trying to fix the issues with your site after an infection has cropped up, and takes less knowledge too.
The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness.
Mathy Vanhoef, a security expert at Belgian university KU Leuven, discovered the weakness in the wireless security protocol WPA2, and published details of the flaw on Monday morning.
“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef’s report said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.”
Vanhoef emphasised that “the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
The vulnerability affects a number of operating systems and devices, the report said, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others.
“If your device supports wifi, it is most likely affected,” Vanhoef wrote. “In general, any data or information that the victim transmits can be decrypted … Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website).”
Vanhoef gave the weakness the codename Krack, short for Key Reinstallation AttaCK.
Britain’s National Cyber Security Centre said in a statement it was examining the vulnerability. “Research has been published today into potential global weaknesses to wifi systems. The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping.
“We are examining the research and will be providing guidance if required. Internet security is a key NCSC priority and we continuously update our advice on issues such as wifi safety, device management and browser security.”
The United States Computer Emergency Readiness Team (Cert) issued a warning on Sunday in response to the vulnerability.
“The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others,” the alert says, detailing a number of potential attacks. It adds that, since the vulnerability is in the protocol itself, rather than any specific device or software, “most or all correct implementations of the standard will be affected”.
The development is significant because the compromised security protocol is the most secure in general use to encrypt wifi connections. Older security standards have been broken in the past, but on those occasions a successor was available and in widespread use.
Crucially, the attack is unlikely to affect the security of information sent over the network that is protected in addition to the standard WPA2 encryption. This means connections to secure websites are still safe, as are other encrypted connections such as virtual private networks (VPN) and SSH communications.
However, insecure connections to websites – those which do not display a padlock icon in the address bar, indicating their support for HTTPS – should be considered public, and viewable to any other user on the network, until the vulnerability is fixed.
Equally, home internet connections will remain difficult to fully secure for quite some time. Many wireless routers are infrequently if ever updated, meaning that they will continue to communicate in an insecure manner. However, Vanhoef says, if the fix is installed on a phone or computer, that device will still be able to communicate with an insecure router. That means even users with an unpatched router should still fix as many devices as they can, to ensure security on other networks.