A large number of websites are defaced each day, and just because you’re not a big company doesn’t mean that your own site is safe. As we’ve seen on numerous occasions, hackers, particularly hacktivists, often target random websites just to spread their political message.
If one day you access your website and instead of the regular content you find the logo of a “cyber army” on the front page, Solutionary’s Incident Response Team Lead Susan Carter has some useful tips for you.
1. If your company doesn’t rely too much on its website for regular business operations, disconnect the server from the network.
2. Before you shut it down, grab a copy of the volatile memory. The information is useful for a forensic investigation.
3. Review logs to find out how the attackers got in, the source of the attack, and what other resources they might have accessed. In some cases, the hackers do more than just deface the website.
4. Scan your server to see if it’s infected with rootkits, Trojans and backdoors.
5. Ensure that all software is patched and up to date.
6. Make sure your servers are hardened, according to best business practices.
7. If possible, disable Web content publishing.
8. The attackers might be using some common tools, so it might be wise to block utilities such as cmd.exe and ftp.exe.
9. Make sure that third-party software like ColdFusion, PHP and IIS is up to date with patches and configuration tips.
If you follow these steps, you not only limit the damage that could be done after the defacement, but you also prevent future attacks.
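As an added illustration of the log review in step 3 (not part of Carter's tips or Solutionary's tooling), the Python sketch below reads IIS W3C extended logs and groups by client address the requests that tie into steps 7 and 8: content-publishing verbs and references to cmd.exe or ftp.exe. The sample log lines, the addresses and the `review` function name are constructed for the example.

```python
from collections import defaultdict

# Publishing (WebDAV-style) verbs that change content on the server (step 7).
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}
# Utilities the article suggests blocking (step 8).
TOOL_NAMES = ("cmd.exe", "ftp.exe")

# Constructed sample in IIS W3C extended format; addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2013-03-01 02:10:44 GET /index.html - 198.51.100.7 200
2013-03-01 02:11:02 OPTIONS / - 203.0.113.9 200
2013-03-01 02:11:05 PUT /index.html - 203.0.113.9 201
2013-03-01 02:11:09 GET /scripts/cmd.exe - 203.0.113.9 404
2013-03-01 02:12:30 PUT /test.txt - 192.0.2.55 403
2013-03-01 02:15:00 GET /index.html - 198.51.100.7 200
"""

def review(log_text):
    """Return {client_ip: [(timestamp, reason, request), ...]} for flagged entries."""
    fields, findings = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                        # truncated or malformed record
        rec = dict(zip(fields, values))
        method = rec.get("cs-method", "").upper()
        stem = rec.get("cs-uri-stem", "")
        target = (stem + "?" + rec.get("cs-uri-query", "")).lower()
        status = rec.get("sc-status", "")
        stamp = rec.get("date", "") + " " + rec.get("time", "")
        request = f"{method} {stem} -> {status}"
        ip = rec.get("c-ip", "unknown")
        if method in WRITE_METHODS:
            outcome = "succeeded" if status.startswith("2") else "was refused"
            findings[ip].append((stamp, f"content write {outcome}", request))
        for tool in TOOL_NAMES:
            if tool in target:
                findings[ip].append((stamp, f"request references {tool}", request))
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in review(SAMPLE_LOG).items():
        for stamp, reason, request in hits:
            print(f"{ip}  {stamp}  {reason}: {request}")
```

A successful write to the front page shortly before the defacement was noticed gives the investigation both a source address and a time window to check against the other logs.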
As Carter highlights, “Your website presents your organization’s image. A website defacement can cause significant losses from downtime as well as loss of customer faith in performing secure online transactions.”