We Are All In The Crosshairs
Hacking has been on the increase for a long time now. The US Department of Justice says that cybercrime is one of the greatest threats facing our country. Recent reports show massive increases in hacking attempts, and many organizations are unprepared to deal with the realities of hacking when it occurs. A Los Angeles hospital even paid a $17,000 ransom this week to get its computer network back from hackers who got in and locked it out of its entire system.
We regularly get asked about how secure our servers are. That is completely understandable: when you are putting your trust and faith in us to manage the servers, your websites and sensitive data, you want some assurances that the servers you are hosted on are as secure as they can be made. Without giving away the farm, we can say that we keep our servers very secure, using such commercially reasonable means as we have at our disposal.
Most of the time, people are not aware that the biggest culprit behind a compromised website is not the server itself but the website applications that run on it. In this day and age, open source Content Management Systems (CMS) like Joomla, WordPress and Magento are some of the most commonly used website development and management applications. Those who are out to wreak havoc on websites like yours look to get the biggest bang for their buck by finding exploits in any of these software applications.
On a nearly daily basis, the development teams behind Joomla, WordPress and Magento put out updates to these applications, along with the various templates, themes, extensions and plugins associated with them, to close these security vulnerabilities. The speed with which hackers can pass along their malicious code and inject it into your website is magnified by the fact that it isn’t just one person trying website after website; they employ bot networks to do their dirty work. These bots spend their time crawling the internet looking for the vulnerabilities they are attempting to exploit. As an example, back in December of 2014, the security team at Sucuri discovered more than 100,000 WordPress sites were hit with the SoakSoak.ru malware campaign, resulting in more than 11,000 domains being blacklisted by Google.
The whole purpose of malware is simply to use your website to send spam, set up phishing sites, spread more malware or carry out any other malicious activity. What’s even more problematic is that attackers will often leave back doors so they can get back in once you believe you’ve cleaned up the site, and you find yourself once again dealing with a compromised website.
Like other hosting service providers, iComEx and our clients are not immune from the effects of these kinds of attacks. Since November 2015 iComEx has experienced an increase in hacking attempts beyond anything we have seen in our 18 years in business. In the past we would see a web site or an email account successfully hacked once, maybe twice a year. In the past 4 months we have had several web sites and email accounts compromised, and it has not slowed down. Usually the negative impact is that a compromised web site starts sending out tons of spam emails. However, we have seen sites end up with radical Islamic materials, porn, and even a ransom demand like the hospital listed above.
As is the standard among hosting companies and internet service providers, iComEx has an Acceptable Use Policy (AUP) that is part of our General Terms of Service (TOS). Again, like others in our industry, our current AUP & TOS state that the ultimate responsibility for protecting access to passwords and keeping your web site secure rests with our clients. Part of our Professional Webmaster Services hosting plan includes installing new maintenance updates and security patches for the major version of your web site software. Maintenance updates and security patches are not major version software upgrades.
In dealing with this increase in hacking activity, iComEx is in the process of drafting new policies regarding compromised email accounts and websites, implementing new security audit procedures and developing new service offerings that include managed backup & restoration services and hacking remediation & repair services. More information about these will be forthcoming in the next few weeks.