SCORE Website Cybersecurity Presentation DASHBOARD INTERACTIVE - - PowerPoint PPT Presentation
SCORE Website Cybersecurity Presentation DASHBOARD INTERACTIVE Digital Marketing Firm that emphasizes Website Security Founded in January of 2006 13 Team Members Work with Small and Medium Sized Businesses and Agencies
Website Cybersecurity Expertise
unaware that a problem exist.
– Would your company be viewed favorably?
– Sometimes companies obtain credit to help cover costs
– Outdated theme – PHP vs current WordPress platform PHP – Security plug in not compatible with the canvas theme was being used – Plug ins not updated in over a year – No manual monitoring of the code or the server system – No human level inspection – Server config from 2008 was adapted, then a new server update occurred and the aged windows system was not updated (not keeping up with server technology) – Older windows server configuration – Shared Server – non secured – Misconfigured SSL – cheap 3rd party SSL – Server was the target. All sites on the server were most likely impacted
website.
WEBSITE CYBERSECURITY
Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site Discovered by researchers at RIPS Technologies GmbH, the "authenticated arbitrary file deletion" vulnerability wasreported7 months ago to the WordPress security team but remains unpatched and affects all versions of WordPress, including the current 4.9.6 Ticketmaster Suffers Security Breach – Personal and Payment Data Stolen Global entertainment ticketing service Ticketmaster has admitted that the company has suffered a security breach Gandcrab Ransomware Exploits Website Vulnerabilities Researchers find campaigns distributing Gandcrab by hosting malware on legitimate websites with poor security measures. Attacker Dwell Time Still Too Long, Research Shows New DBIR and M-Trends reports show the window between compromise and discovery are still way too long 2.6 Billion-Plus Data Records Breached Last Year Most exposed data records caused by human error. Google 'Distrust Dates' Are Coming Fast All the tools are in place for the migration of SSL digital certificates on a scale that is unprecedented for the certificate authority industry. Are you ready? Number of Sites Hosting Cryptocurrency Miners Surges 725% in 4 Months The dramatic increase in cryptocurrency prices, especially for Monero, is behind the sudden explosive growth, says Cyren. Millions of Office 365 Accounts Hit with Password Stealers Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.
Facebook Suspends 200 Apps Thousands of apps have been investigated as Facebook determines which had access to large amounts of user data before its 2014 policy changes. When Russian hackers targeted the U.S. election infrastructure (60 Minutes) Russian operatives launched a widespread cyberattack against state voting systems during the 2016 presidential election. Sears & Delta Airlines Are Latest Victims of Third-Party Security Breach An insecure ecosystem of third parties connected to an enterprise network poses a growing risk, security analysts say. Best Buy says some customers could be affected by data breach of third-party vendor Sears and Delta also said the vendor, [24]7.ai, might have exposed their customers' data. Criminals Targeting Magento Sites with Brute-Force Password Attacks Flashpoint says it is aware of at least 1,000 sites using Magento's e-commerce platform that have been recently compromised. Panera Bread Leaves Millions of Customer Records Exposed Online Personal information exposed in plain text for months on Panerabread.com and the company's response failed to rise to the challenge. Hudson's Bay Brands Hacked, 5 Million Credit Card Accounts Stolen The infamous Carbanak/FIN7 cybercrime syndicate breached Saks and Lord & Taylor and is now selling some of the stolen credit card accounts on the Dark Web.
Under Armour App Breach Exposes 150 Million Records A breach in a database for MyFitnessPal exposes information on 150 million users. Baltimore Hit with Hack on 911 System An attack took down part of Baltimore's 911 system for 17 hours over the weekend, and details are still in short supply. City of Atlanta Hit with Ransomware Attack FBI investigating computer outages in the city's network possibly tied to Samsam-type ransomware variant. Atlanta hit with cyberattack demanding ransom for access to files Cybercriminals Launder Up to $200B in Profit Per Year Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year. Trump Administration Slaps Sanctions on Russian Hackers, Operatives A two-pronged and mostly symbolic strategy names and shames Russia for US election-tampering and hacking of critical infrastructure. 77% of Businesses Lack Proper Incident Response Plans New research shows security leaders have false confidence in their ability to respond to security incidents. Equifax Finds 2.4 Million Additional US Victims of its Data Breach Total of victims now at 147.9 million customers.
39-seconds
biggest-risk-to-your-business-cant-be-eliminated-heres-how-you-can-survive-i.html
https://nudatasecurity.com/blog/scary-cyber-halloween/
affect-your-online-safety/
http://www.streetinsider.com/Press+Releases/Cybersecurity+Jobs+Report%3A+Workforce+Shortage+to+Reach+1.5+million+ by+2019/11145582.html
WEBSITE CYBERSECURITY
portals, etc.
proficiency, they go after bigger fish, but they practice on smaller targets first.
ransomware attacks are targeted to medical, financial, and utilities in order to have the largest impact with the least amount of effort.
and data access such as the Microsoft Wanna Cry Ransomware Attack in 2017. This ransomware attack showed that even the most powerful server systems can be breached.
WEBSITE CYBERSECURITY
Microsoft itself failed to maintain hardening at a fast-enough pace and thus is the source of the Wanna Cry Ransomware attack. Once Microsoft applied the patch at their level, many of the smaller, third party hosting resellers failed to follow suit immediately leaving their clients susceptible and breached.
– (Please note that your SSL is valid for a 3-year timeframe max as security environment needs to be reevaluated.)
Its important to know if you site is clean. – If not, your business could be in for trouble up the road and a plan needs to be developed to resolve the issues now. – If so, there is the associated peace of mind to focus on other areas. Dashboard Interactive offers Website Security Assessments and we look at the following components and more.
– CSS – JavaScript – HTML – PHP – Server Configuration – Shared Server Risks – SSL Certificates – Malicious Code – Plug-Ins – Modules – Theme Files – Images – Links – Website Redirects
Obtain a Third Party Website Security Audit from a Trained Website Cybersecurity Expert
Personnel Analytics Support 24 Hour Monitoring Quality SSL Top Notch Website Development Support Quality Hosting Provider Clean Website
Securi Hacked Website Report 2017 The one constant you’ll find in this report is the issues pertaining to poorly trained website administrators (i.e., webmasters) and their effect on websites.
We occasionally find breaches that some of the website cybersecurity software companies are unaware of and notify them of the issues.
WEBSITE CYBERSECURITY
WEBSITE CYBERSECURITY
– Outdated PHP – Copied and pasted open source 3rd party code found on Github – Outdated server configuration – Modules required by the web platform that are not in use or updated – Lack of manual monitoring – Unsecured open port on the Server – Server was out of date – Poor hosting provider
Prepared for their IT department to complete
performance
– Outdated host level PHP on the server - Host Gator – Different versions of PHP – Link pointing to a malicious website – Blog post with questionable link – Incompatible plugin – Zero day
Code, Rebuild, Replace Abandoned Plugins, added 24 Hour Monitoring
developer lack of cybersecurity knowledge. Hack occurred in October of 2017 via
flagged the site as dangerous. Site removed from search console.
– Outdated host level PHP on the server – Different versions of PHP – Heartbleed Bug – Improperly Configured SSL with Incomplete Validation – Hosting Provider – Cookies Stolen Through Shopping Cart (identifying information about the user – identity theft) – Project delayed due to developer experience and relationship with the client (opinion over fact)
Foundational Code, Building Code by Hand, added 24 Hour Monitoring
as it incorporated two 3rd Party portals. Client not confident in the security expertise of the Portal providers. Looking for an independent source to investigate and oversee web related security initiatives. Websites developed by large website development firm.
– Every employee had access to sensitive client data – 2 different injection types with 1 and 6 locations in the site respectively – 9 PUT files (from remote servers), and 1 possible XML Injection – Identified a huge vulnerability called BREACH (Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext) – 21 instances of Cross-Site Request Forgery (CSRF, or XSRF) - a vulnerability wherein an attacker tricks a victim into making a request the victim did not intend to make. Therefore, with CSRF, an attacker abuses the trust a web application has with a victim's browser – Unstable website theme, at least partially, in the site
– 2 SSL Certificates installed on the site – Wrong SSL Installed on Wrong Site, Improperly configured – Old Open Source Code from 2014 – Site was not Maintained – Host provided an unsecure C-Panel – Poor server management
businesses.
Cybersecurity Experts. They are also Highly Motivated.
has been breached.
clean, you have peace of mind.