ISIL/ISIS and your website are a topic all of a sudden. Why? Because a group of hackers has recently been busy defacing websites of American businesses. They are specifically targeting WordPress sites because of exploitable vulnerabilities in the CMS resulting in disruption. This is costly in terms of lost business revenue and expenditures on repairs to infected systems.
The defacements have affected Web site operations and the communication platforms of:
• News organizations
• Commercial entities
• Religious institutions
• Federal/state/local governments
• Foreign governments
And a variety of other domestic and international Web sites.
Why is this such a big deal- this happens all the time, doesn’t it?
What caught our attention (and the attention of the FBI) is that the perpetrators appear to be sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS).
The FBI has assessed that the perpetrators are not necessarily members of the ISIL terrorist organization. The hackers in question are using relatively unsophisticated methods to exploit technical vulnerabilities and are promoting the ISIL name to gain more notoriety than the underlying attack would have otherwise garnered. All of the victims of the defacements share common WordPress plug-in vulnerabilities, which are easily exploited by commonly available hacking tools.
Some of the steps the FBI recommends are processes already provided to our clients:
• Insure that the most up to date versions of the operating system are in use
• Insure that the most up to date versions of all applications are running
• Monitor and provide updates whenever they become available
• Patch vulnerable plugins
• Identify known WordPress vulnerabilities regularly
Case Study
If you are a WordPress user and assume your hosting company is looking out for your website consider this:
Last year, a professional services website went dark for nearly four days without any knowledge or notification. The website was hosted by a large national hosting company, selected by the office manager because they were deemed to be a good value in terms of their monthly investment. When another company’s website on that same server was targeted and hacked, and the security of the server was compromised, the hosting company shut down the server, denying service to every website on that server.
The professional services company didn’t receive so much as an email notifying them of the situation. And even though their website was not directly the target of the hack, their website was essentially taken down.
This situation could have been prevented (in this instance, the hacker identified and exploited a vulnerability in a popular slide show presentation plugin, one used in tens of thousands of websites around the world) with a little more process and some routine research.
If keeping your website operational is important to your business, look for a hosting partner that has a process for continual security improvement, someone with a laser-sharp focus on research and a motivation to anticipate where new vulnerabilities may come from.
And don’t sit back and wait for the FBI to inform you…
