Dark Reading is part of the Informa Tech Division of Informa PLC


6/16/2011
03:45 PM

SMB Websites Face Mass Meshing Attacks

Here's how to protect your SMB website--and what to do if it's been compromised.

-- Do your homework on Web hosting providers, and choose a good one. Hackers love to target shared hosting vendors, because when they find a vulnerability it often leads to a bumper crop of sites they can hit. "Choose your Web hosting provider wisely," Huang said. "Some hosting companies are well-known to have vulnerabilities in their shared hosting environments." He added that there are good online forums where SMBs discuss their experiences with various hosting providers.

-- Run current antivirus software on all of your PCs, and especially those used to manage the website. Huang said that reliable, free options such as Microsoft Security Essentials mean even the leanest SMBs have "no excuse" to not deploy antivirus software.

-- Stay on top of critical software patches. Huang lists Microsoft, Adobe, and browsers as the top three priorities and says SMBs shouldn't delay downloading and applying fixes, especially when mega-updates such as Tuesday's Microsoft release come out.

-- Likewise, if you use turnkey, third-party website components such as shopping carts or content management systems, always keep them updated with the most current version--especially if they're open source. For example, Huang said: "As soon as WordPress releases a new version, the whole hacking community knows about the vulnerabilities of the previous version and they're ready to attack."

-- Scan your site's custom code for vulnerabilities. There are commercial systems available, but budget-conscious SMBs can do this without spending money. Huang points to NetSparker's community edition, for instance, and said that next month Armorize will release its own whitebox version of CodeSecure that will scan up to 10,000 lines of source code free of charge. He also notes a variety of online sources for extra guidance, such as The Open Web Application Security Project.

SMBs looking for extra help in spotting mass meshing threats should look to their existing website vendors; they might be able to leverage monitoring services as part of an existing agreement. Huang said SSL-certificate providers such as Symantec's VeriSign often include such services.

If your site has suffered from a mass meshing attack, act quickly. Here's what Huang advises:

-- The first response for many SMBs--particularly those with limited internal IT staff--should be to call their Web hosting provider. The good ones, Huang said, will often be able to help and may have already identified a fix, particularly if they have other affected customers.

-- Change your site's admin password, but don't do so immediately: First, run an antivirus scan on the PC. If it's infected, the attacker will have access to the new password, too.

-- Scan your systems--including files, databases, and config files--for backdoors. Huang concedes that this might exceed the comfort zone of some SMB owners and staff; in that case, it may be time to bring in an outside vendor.

-- Finally, when the site is clean and secure, begin the crucial process of restoring its traffic and reputation. Google's Webmaster tools allow for blacklisted sites to request re-evaluation, for starters.

If all of this sounds like grunt work, it is. And it's absolutely necessary. Otherwise, SMBs are advertising their site to the wrong audience: Hackers. The bad guys profit when smaller businesses are too busy or careless to attend to online security. But SMBs should have a profit motive here, too. In a follow-up email, Huang wrote: "When attacks take your competitors down, your value will show."
