In light of recent well-publicized attacks on the web-based infrastructure of retailers like Target (https://arstechnica.com/security/2014/02/epic-target-hack-reportedly-began-with-malware-based-phishing-e-mail/) and Houston energy companies (https://online.wsj.com/news/articles/SB10001424127887323336104578501601108021968), and of cases of industrial espionage (https://abcnews.go.com/topics/business/corporate-espionage.htm), it is more important than ever to be vigilant about network and infrastructure security. Much of the spam produced around the world is directly related to hacking attempts. This spam is actually caused by a virus or script that has infected a web server.
A common method of attack is called a “watering hole” attack.
As the name suggests, the goal of the attack is to get the target to come to the “trap.” A watering hole attack occurs in a few general steps:
1. The attackers identify a website that the target is known to visit.
2. The attackers then target the web server with a malicious script, or the website itself with malware. This is a common source of spam; the spam attempts are often a decoy used to discover information about the web server itself.
3. If the website or web server is compromised and the target inputs confidential information, the attackers succeed.
The watering hole attack is a favorite tool against the energy industry. Many times, the attacker’s ultimate goal is not attaining personal financial data, but internal network documents, like blueprints and projects in research and development.
One of the best ways to limit exposure and mitigate risk is to treat web security like the defeat of the Spanish Armada.
One of the most popular ways to limit entry points is to block IP addresses known to cause issues. Most web servers around the world run some form of Linux. Many Linux distributions allow advanced firewall configuration through a control panel or through iptables. Configuring the firewall this way requires Linux scripting knowledge.
Of course, blocking a single IP address does little if the entity behind the security breaches simply changes its IP address. A successful way for server administrators to combat this problem is to block entire country zones with iptables. While this is a very blunt approach, it can be very handy, especially for a small business.
A local business solution.
Let’s say you have a mom-and-pop store that serves the local community. It is very unlikely that they would ever do business in China, especially if the owner tells you they only serve a two-block radius. If Mom and Pop’s website is under constant attack from many IP addresses originating in China, then blocking the entire country zone of China (all of the known IP addresses in China) would be a simple and straightforward approach. Note that blocking a country’s IP addresses should only be done if there will be no real business relationships generated in that particular country.
On the other hand, bigger brands that may do business in China must explore additional measures and block IP addresses individually.
There are easy solutions like Wordfence’s security network that are scalable up to enterprise levels.
Some advanced networks also have a cloud infrastructure dedicated to filtering traffic. That’s because blocking communication on ports at the server itself can be resource-intensive.
An enterprise solution.
If the option is available, web server administrators should use the DROP target in their iptables rules instead of the REJECT target. DROP simply ends the communication with no message back to the other end. REJECT sends an error message back to the other end, potentially giving the attacker more information about the web server that they can use against it.
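As an added example (not code from the original post), the POSIX shell script below ties the country-zone block and the DROP-over-REJECT advice together: it loads a zone’s CIDR ranges into an ipset, lets the administrator’s own address through, drops everything else from the zone, and includes a pre-flight check so a bulk block cannot lock the administrator out. The CIDR ranges and allowlist address are constructed placeholders, and the set and chain names are my own choice.

```shell
# Emit ipset/iptables commands that DROP a whole country zone while keeping
# the administrator reachable; commands are printed, not run, for review.
# Constructed sample zone (RFC 5737 documentation ranges, not a real country
# list); a real zone file, one CIDR per line, comes from a registry or geo-IP provider.
ZONE_CIDRS="198.51.100.0/24
203.0.113.0/24
192.0.2.0/25"
# Constructed allowlist: the admin's own office address, never blocked.
ALLOWLIST="203.0.113.7"
SET_NAME=zone_block; CHAIN=GEOBLOCK

# Dotted-quad IPv4 address -> unsigned 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed (exit 0) if address $1 lies inside CIDR $2.
ip_in_cidr() {
    prefix=${2#*/}
    mask=$(( ((1 << prefix) - 1) << (32 - prefix) ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Pre-flight check: would address $1 be dropped? Run it on your own IP first.
would_block() {
    for allow in $ALLOWLIST; do
        [ "$1" = "$allow" ] && return 1
    done
    for cidr in $ZONE_CIDRS; do
        ip_in_cidr "$1" "$cidr" && return 0
    done
    return 1
}

# DROP, not REJECT: a silent drop sends nothing the remote end can learn from.
build_rules() {
    echo "ipset create $SET_NAME hash:net -exist"
    for cidr in $ZONE_CIDRS; do
        echo "ipset add $SET_NAME $cidr -exist"
    done
    echo "iptables -N $CHAIN"        # on a re-run, flush the chain with -F first
    for allow in $ALLOWLIST; do
        echo "iptables -A $CHAIN -s $allow -j RETURN"
    done
    echo "iptables -A $CHAIN -m set --match-set $SET_NAME src -j DROP"
    echo "iptables -I INPUT -j $CHAIN"
}
```

Run `would_block <your-ip>` before piping `build_rules` into `sh` as root; the RETURN rule sits above the DROP rule, so an allowlisted address is never blocked even if it falls inside a blocked range.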
Many folks are still in the dark about digital security. Make no mistake about it: big firms have complained, and have reason to complain. What do you do when a hostile organization is targeting your company for its internal records? Internal records are a key part of competition and business success. If a company with brand equity and a world reputation is not able to keep its information secure, then that company’s ability to earn revenue in a competitive marketplace is dramatically reduced, and only the employees suffer.
Digital media professionals and marketers need to pay close attention to the kinds of security problems on the web right now. The security needs of most of their big clients will inevitably trump many of the functional pieces we, as designers, love to implement. Creative professionals should partner with security professionals to develop a secure way of implementing all of the notorious “bells and whistles” that our clients deserve. Maybe, if we had cross-over individuals who understand where the client’s security needs meet the digital marketing goals, we could create a bigger impact on our clients’ bottom lines.