BreachExchange mailing list archives

Web Hosting Servers At Increased Risk of Attack by Hackers


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 31 Jan 2014 13:16:30 -0700

http://www.inquisitr.com/1115781/web-hosting-servers-at-increased-risk-of-attack-by-hackers/

There's a school of thought that malicious hackers go after the lowest
hanging fruit -- the easiest target -- when they look for computers to
commandeer for use in sophisticated attacks. For a long time, desktops were
a prime target because their users are less likely to be savvy enough to
recognize these attacks.

The trend appears to be changing, however. According to reports
<http://www.computerworld.com/s/article/9238712/Hackers_target_shared_Web_hosting_servers_for_mass_phishing_attacks>,
the favored target is quickly becoming web-hosting servers, because they
offer more bang for hackers' buck; one compromised server can infect
thousands of web sites.

These servers can, in turn, be used to deliver malware to people who visit
the infected sites. Also, their vast amounts of bandwidth and processing
power are used to launch denial-of-service attacks against businesses and
governments.

"Threat actors -- hacktivists, national state actors, and cyber criminals --
will continue to conduct land grabs for high-powered infrastructure and
compute power in 2014," said J.D. Sherry
<http://www.networkcomputing.com/next-generation-data-center/servers/cisco-security-report-internet-infrastru/240165453>,
vice president of technology and solutions at Trend Micro.

"Several reasons are in play for this. The first is there is still a
tremendous amount of DDoS attacks against banks and other critical
infrastructures. Having large amounts of processing power across many geos
helps with this."

How hackers are taking over servers

The way these threat actors are able to control a server may sound simple.
"They're installing malware to maintain control over resources," says Levi
Gundert
<http://www.networkworld.com/news/2014/011614-cisco-web-hosting-centers-277621.html?hpg1=bn>,
Cisco technical lead for threat research, analysis, and communications.

The malware can be installed a number of ways, but most commonly,
organizations are compromised as a result of a spear-phishing campaign in
which the victim opens a malicious email that gives the attacker a foothold
in the network. From there, invaders are able to escalate their attack to
obtain control eventually over the servers themselves.

Not all hosts are equally vulnerable

While no web hosting firm can claim to be 100 percent protected against
malicious attacks, some firms are making a more concerted effort to protect
themselves and the sites they host. Social media sites and company blogs
are a rapidly-growing channel to communicate to customers
<http://www.linkedin.com/company/hostgator.com> ways to help prevent such
attacks, such as keeping WordPress installations up-to-date. With the
rising popularity of WordPress as a CMS, other firms are taking it a step
further, configuring their WordPress-specific clients
<http://www.hostgator.com/apps/wordpress-hosting> to automatically update
WordPress immediately whenever new updates are released.

Customers looking for a secure web hosting provider should only consider
firms that keep updated technical controls in place, including firewalls,
intrusion detection and prevention, anti-virus, and network monitoring.

Firms that fail to consistently and frequently update server operating
systems and essential security patches are at increased risk
<http://technet.microsoft.com/en-us/library/cc723503.aspx>.
Furthermore, servers that are not up-to-date and not running updated
antivirus software are specifically at risk.

Conclusion

In response to these heightened security concerns, many firms are
introducing clearly visible policies that dictate how quickly customers are
informed of a potential breach, allowing customers to implement measures to
halt any successful breaches. Such policies are important indicators of the
level of security offered by firms throughout the industry.

While hackers and anti-hackers have always played a game of cat-and-mouse,
attacks have historically been targeted at individual consumers. Now, the
pressure is on for web hosting firms. While this trend means more work for
web hosts, it also means better security measures for consumers. Let's hope
the good guys win this round.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
