Rewterz Threat Update – Semiconductor Component Manufacturer Semikron Hit By A Ransomware Attack
August 4, 2022
Severity
High
Analysis Summary
Web defacement is an attack in which malicious parties infiltrate a web page and replace its content with their own messages. These may carry political or religious statements, profanity or other inappropriate content that would embarrass website owners, or warnings that the website has been attacked by a particular group of hackers.
Most websites and web applications store data in environment or configuration files that affect the content displayed on the website or determine where page templates and content are located. Unexpected changes to these files can be a security risk and can signal a defacement attack.
Defacement attacks include:
- Unauthorized access
- SQL injection
- Cross-site scripting
- Malware infection
StormFiber, a Pakistani internet service provider (ISP), was recently hacked by Indian hackers. The company attributed the breach to a “WordPress vulnerability.”
Earlier in the day, a Twitter user posted a screenshot of the StormFiber website.
The CEO of StormFiber’s parent business, Danish Lakhani, stated that there was no data breach because the organization has a strong backup mechanism in place across all major cities. The website was hacked due to a “WordPress vulnerability.”
Message displayed during the defacement of a Storm Fiber website.
“Official statement of Storm Fiber”
“A brand-new website was already under construction and scheduled to go live the following month. After sanitizing it, StormFiber representatives will quickly get it up”, the CEO added.
Impact
- Website Defacement
Remediation
- Close unnecessary services exposed to the internet.
- Always enable auto security updates to keep all the assets updated.
- Establish vulnerability discovery and remediation processes.
- Implement strong WAF solutions to safeguard and monitor against a variety of attacks, including defacement.
- Implement additional security controls such as 2FA on the admin panel.
- Make administrative application access possible only internally or via a Virtual Private Network (VPN) connection.
- Administrative access should require a second factor of authentication, such as One Time Passwords (OTP) provided by a physical token device.
- Administrative access should be restricted by source IP address.
- Back up data regularly.
- Use the principle of least privilege to manage accounts.
- Conduct penetration tests and vulnerability assessments.