'Tis the season .... to be vigilant. There have been a number of high-profile IT and information security breaches over the past few months involving Aussie businesses and websites. The four most significant have been:
- Kmart: Kmart revealed it had discovered customer data had been stolen by external attackers on the 1st October 2015. Although no credit card details were stolen, customer names, email addresses, physical addresses, phone numbers and product purchase details were breached as a result of the attack. Kmart was the first of two retailers who use IBM's WebSphere Commerce software to be attacked in the same week.
- David Jones: The second one was DJs. Attackers also exploited an unpatched vulnerability in IBM's WebSphere Commerce software to obtain sensitive personal data. As with Kmart, credit card details weren't breached, but customer names, email addresses, order details and mailing addresses were compromised.
- Aussie Farmers Direct: Not long after the Kmart and DJs breaches, Aussie Farmers Direct (AFD) was hacked, resulting in the personal details of more than 5000 of its customers being posted online. AFD was contacted in the days leading up to the attack in an extortion attempt. Neither credit card nor banking details were compromised, but names, phone numbers, email addresses and physical addresses were.
- QLD TAFE and Dept of Education: Attackers compromised QLD TAFE and Department of Education websites and accessed sensitive data during November this year. The compromised data consisted of information lodged by members of the public via the enquiries and website feedback forms which reportedly included complaints about child sexual assault and bullying. The breach was discovered after someone sent in an anonymous threat via email.
These types of incidents can happen to anyone at any time. Those who don't harden and patch their systems are at greater risk. Just because an organisation outsources the hosting of its web servers to an outside service provider doesn't mean those servers are secure. It's important to ensure that the contract with your service provider sets out your requirements for maintaining security and applying patches.
At the very least, organisations should ensure their web servers:
- remain patched and hot-fixed;
- remain security hardened and "minimised";
- are protected by anti-virus/anti-malware defences;
- are supported by an ICT Recovery Plan and incident response plan to enact when required.
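As an added illustration of the "minimised" point above (an example script written for this post, not part of the original article or Centium's tooling): a web server that has been reduced to its essentials should expose only the services it needs. The script below audits the listening TCP sockets of a Linux host against an allowlist and flags anything else that is bound to a non-loopback address. It assumes the listener list is in the format printed by `ss -tlnH` (state, queues, local address:port, peer address:port); the sample input embedded here is constructed to show a server that still has a database and a second web listener exposed.

```shell
#!/bin/sh
# Added example (not Centium's tooling): audit a web server's listening TCP
# sockets against an allowlist of ports it is meant to expose.
# Input format assumed: one line per listener as printed by `ss -tlnH`
# (State Recv-Q Send-Q Local:Port Peer:Port). Sample input is constructed.

# Ports a hardened public web server is expected to expose (assumption: SSH, HTTP, HTTPS).
ALLOWED_PORTS="22 80 443"

# Constructed sample of `ss -tlnH` output for a server that has not been minimised.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*'

# port_of ADDR -> prints the port from "ip:port" or "[ipv6]:port"
port_of() {
    printf '%s\n' "$1" | sed 's/.*:\([0-9][0-9]*\)$/\1/'
}

# is_allowed PORT -> exit status 0 if PORT is in ALLOWED_PORTS
is_allowed() {
    for p in $ALLOWED_PORTS; do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# unexpected_listeners < ss-output -> prints "ADDR PORT" for each listener
# that is not in the allowlist and is reachable from outside the host
unexpected_listeners() {
    while read -r _state _recvq _sendq local _peer; do
        [ -z "$local" ] && continue
        case "$local" in
            127.*|\[::1\]:*) continue ;;   # loopback-only services are not exposed to the network
        esac
        port=$(port_of "$local")
        is_allowed "$port" || printf '%s %s\n' "$local" "$port"
    done
}

# count_unexpected SS_OUTPUT -> number of unexpected exposed listeners
count_unexpected() {
    printf '%s\n' "$1" | unexpected_listeners | wc -l | tr -d ' '
}

# Run against the constructed sample. On a real host replace SAMPLE_SS with "$(ss -tlnH)".
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners
```

On the constructed input the script reports the MySQL listener on 0.0.0.0:3306 and the extra HTTP listener on [::]:8080, and stays silent about Redis on 127.0.0.1:6379 because it is bound to loopback only. Anything it prints is a candidate for removal, firewalling, or at least justification in the server's build standard; run it after each patch cycle, since package updates can re-enable services.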
Centium has decades of experience in both assessing and advising on web server and general IT system security and protection. We run vulnerability scans against your systems, identify exposures and avenues for attack, and make recommendations on how to better protect them. From detailed firewall analysis to server hardening assessment, web application vulnerability identification and even code-level review, we'd be delighted to chat with you about how we can help.