Hackers are reported to be actively exploiting a recent highly critical vulnerability in Drupal, a popular website platform. The attacks began within days of the security update being released: attackers compared the patched and unpatched code to work out what had been fixed, then built tooling to exploit sites that had not yet applied the update.
Unfortunately, this kind of scenario is not uncommon. In the last few months Cognitous have helped several businesses with website security breaches.
Case Study: Distribution Company
In one case earlier this year we were approached by a distribution company who had received reports of strange emails being sent out to their customers and suppliers.
During our investigation we identified unfamiliar script that had been inserted into every page of their website. Our analysis found that it silently captured everything typed into form fields on the site and sent it to a server controlled by the attackers. This included every username and password combination entered into the login form. A technical analysis of this script can be found over on our labs page.
Staff members who logged in to the compromised website had their passwords stolen, and some of them had reused the same password for their work email accounts. That reuse gave the attackers access to the company's Office 365 tenancy, from where they were able to send legitimate-looking emails to customers and suppliers in an attempt to harvest more passwords.
Following our investigation, we helped to remove the attackers' access and to harden both the web server and the Office 365 tenancy so that a similar attack would not succeed again.
Protecting Your Website
Regardless of whether it uses Drupal, WordPress, or some other platform, it’s important to ensure your website is secure, deployed in a hardened environment, and that it is regularly backed up and updated.
Keeping your website updated minimises the risk of it being compromised through a known vulnerability. As the Drupal case shows, attackers can move within days of a vulnerability becoming public, so security updates need to be applied promptly, not at the next scheduled maintenance window. In many cases web platform vendors provide a security announcements mailing list or an in-dashboard notice when a security release is published; make sure someone is subscribed and responsible for acting on it.
Deploying a website in a hardened environment can often stop an attack from succeeding even if the site itself has fallen behind on updates. In practice that means file permissions that prevent the web server process from writing to the site's own code and configuration, upload directories that cannot execute scripts, and unneeded modules, accounts and services switched off. Measures like these could have prevented the distribution company's website from being modified in the way described above, and they also limit what an attacker can do with a vulnerability like the recent Drupal one: code execution is far less useful when the server cannot be made to persist it.
Regular backups ensure that, in the worst case, the business impact and data loss from a website security breach are kept to a minimum. Keep backups off the web server itself, since an attacker who controls the server can delete or tamper with anything stored on it, and test a restore periodically so you know the backups actually work before you need them.
Alongside these recommendations, if your business uses cloud-based email services such as Office 365 or G Suite, we strongly recommend enabling multi-factor authentication or 2-step verification. This additional control would have prevented the distribution company's Office 365 tenancy from being accessed with stolen passwords alone. When enabling it, also disable legacy authentication protocols that do not support a second factor; otherwise a stolen password can still be used through them.
You can check if your website uses Drupal using our free online tool here or alternatively contact us to request a free website health check. Cognitous can help you to ensure your website is secure and hardened against attackers and we offer a website security monitoring and backup solution to help you protect your website, business, and customers.