Scan Your Business Website for malware attack

Digital security certificates are meant to assure users that a website is genuine, authorized and free of malware. Users treat them as a trust signal that the site they are visiting is safe and secure. But if the digital security certificates themselves are compromised, how can users be protected from such websites?

Current digital security certificates ensure that data transmitted between the website owner and the website's visitors is encrypted and can be decrypted only with the private key, which is accessible only to the website owner. This encryption protects sensitive business or customer information as it travels to and from the website.

Meanwhile, present-day antivirus programs instantly block sites that are not secured by such certificates, which makes it harder for hackers to inject malware into devices by means of an infected site.

According to a senior consultant from KPMG, security certificates are considered a key trust factor because they require strict validation of payment and identity proof. The certificate is verified to check that it genuinely belongs to the intended entity, the organization or person named in the certificate. This prevents hackers from attacking the website.

To compromise a huge number of users’ data, cyber-criminals try methods and techniques to steal security certificates, or to obtain certificates of their own signed by a Certificate Authority. They can then use such certificates to dodge antivirus protection and infect a large number of site visitors with malware.

This works well for the hackers because, when antivirus software sees a security certificate in place, it does not scan the website for malicious activity. This gives hackers a free run at exploiting the website.

‘With an authentication, the malware is permitted to run. Bypassing these advancements can give way to a digital criminal association to establish a security breach.’

With legitimate certificates serving as the way in, hackers find ways to steal genuine certificates and then sell them on to other cyber-criminals. There are reports that some recent cyber-security breaches happened simply by exploiting stolen legitimate digital certificates.

‘The implementation of genuine certificates can stay a standout amongst the best approaches to sidestep protection measures and keep malware running in the framework under the radar,’ says Marta Janus, senior threat specialist at Cylance.

‘Stealing certificates is not a complex task, so at first, this method used to be discovered basically in advanced targeted threats. It’s not surprising that digital-criminals understood the potential esteem that genuine security certificates can have on the underground market, and have found ways and techniques to loot such certificates.’

IonCube Malware Infects WordPress and Joomla Websites

Recently, more than 700 WordPress and Joomla websites were found to be infected with IonCube malware, with a total of more than 7000 infected files. The infected files mimicked legitimate IonCube-encoded files, and files with names such as “wrgcduzk.php” and “diff98.php” were found in key directories of WordPress sites.

In brief, IonCube is a PHP encoder used to protect PHP files, offering encoding, obfuscation, encryption and licensing capabilities. Hackers are known to use the IonCube malware to create a backdoor on vulnerable websites that lets them steal data from the victims.

Researchers searching on terms like “Joomla hacked” and “WordPress hacked” tried to make sense of this incident. Initially they found WordPress site files encoded with IonCube, one of the oldest PHP obfuscation technologies and one that is extremely difficult to reverse. Further analysis showed that the malware also infected CodeIgniter and Joomla files, and so can appear on almost any web server running PHP. According to SiteLock, the files did not consistently follow malicious naming patterns: harmless-looking files with names like “menu.php” and “inc.php” also contained the malware.

The researchers also found that the fake file carried a code block after the PHP closing tag, just like a legitimate IonCube file. Unlike the real file, however, this code block consisted only of alphanumeric characters and newlines. They further noticed that the reference to the ioncube.com domain found in every legitimate IonCube file was absent from the fake files.

Mitigation by SiteLock

If ionCube-encoded files were not intentionally installed by you or your developer, any file claiming to use ionCube should be treated as suspicious, since using ionCube normally requires manual server configuration. Moreover, cross-compatibility across PHP versions is minimal, which decreases its viability as malware.
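The two indicators described above (an alphanumeric-only block after the PHP closing tag, and no reference to the ioncube.com domain anywhere in the file) can be turned into a simple triage script for a site's PHP files. The following is an added example, not SiteLock's or ionCube's code; the sample files are constructed here to imitate the shapes described in the text and are not real malware.

```python
import re

# Added example: apply the two indicators from the text to PHP source text.
IONCUBE_DOMAIN = "ioncube.com"
# A block made only of letters, digits and line breaks, nothing else.
ALNUM_ONLY = re.compile(r"^[A-Za-z0-9\r\n]+$")


def trailing_block(php_source):
    """Return whatever follows the last PHP closing tag, or '' if there is none."""
    pos = php_source.rfind("?>")
    if pos == -1:
        return ""
    return php_source[pos + 2:].strip()


def looks_like_fake_ioncube(php_source):
    """True when a file carries an ionCube-style trailer matching the fake's profile:
    a non-empty block after ?> made only of alphanumerics/newlines, and no reference
    to the ioncube.com domain anywhere in the file."""
    block = trailing_block(php_source)
    if not block:
        return False                      # no trailer at all: not ionCube-like
    if IONCUBE_DOMAIN in php_source:
        return False                      # genuine loader stubs reference ioncube.com
    return bool(ALNUM_ONLY.match(block))


def scan_files(files):
    """files: {filename: source}. Returns the sorted names of suspicious files."""
    return sorted(name for name, src in files.items() if looks_like_fake_ioncube(src))


# Constructed samples. The "legitimate" one imitates the shape of a real ionCube
# file (loader stub, ioncube.com reference, base64-style trailer with '+' and '/').
LEGIT_FILE = (
    "<?php //0046a\n"
    "if(!extension_loaded('ionCube Loader')){\n"
    "  die('Site error: the ionCube PHP Loader needs to be installed. "
    "See http://www.ioncube.com/ for details.');}\n"
    "?>\n"
    "HR+cPqRJ8nfAx/3sK6a1o0QhB2V+7dl3\n"
    "ZmM9x3uPq+b5==\n"
)
FAKE_FILE = (
    "<?php\n"
    "if(!extension_loaded('ionCube Loader')){die('Loader missing');}\n"
    "?>\n"
    "HRcPqRJ8nfAx3sK6a1o0QhB2V7dl3\n"
    "ZmM9x3uPqb5xQ2\n"
)
CLEAN_FILE = "<?php\necho 'hello';\n"

SAMPLE_SITE = {
    "index.php": LEGIT_FILE,
    "menu.php": FAKE_FILE,        # harmless-looking name, as SiteLock observed
    "wrgcduzk.php": FAKE_FILE,
    "config.php": CLEAN_FILE,
}

if __name__ == "__main__":
    for name in scan_files(SAMPLE_SITE):
        print("suspicious ionCube-like file:", name)
```

The heuristic only flags files for review; a match is a reason to compare the file against a clean copy from version control or the vendor package, not proof of infection.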

Get Protected with cWatch Now!

10 Common Web Application Security Mistakes

Most Common Web Security Mistakes to Avoid When Developing a Web Application

Web application development is a long process: it involves creating a user-friendly app from scratch that also has to maintain high performance and web security. For every developer, web application security is one area that lies partly beyond the creator’s control, because it is simply not possible to know who is on the other end of the HTTP connection.

Hence, a developer has to contend with many web security concerns to build a safe and secure app, including data safety and the possibility of fake data entering the database. Below are 10 of the most common web security vulnerabilities that developers can avoid.

1. Permitting Invalid Data to Enter the Database

All input provided by your users must be treated as untrusted. Failing to validate what you receive can cost you dearly through cross-site scripting, SQL injection, command injection or a similar security threat.

2. Focusing on the System as a Whole

This is common in large custom projects where a team of developers divides the work so that each secures a different area of the app. Even if each part is secured to a high standard, the security of the project as a whole is not clear. The many handoffs this creates leave your data highly vulnerable to attackers. You therefore have to ensure that the app remains secure once all its components are brought together.

3. Establishing Personally Developed Security Methods

Developers often assume they will do better with a homegrown algorithm or method, believing that something unfamiliar to hackers must be safer. In reality, rolling your own is not only more expensive, it also increases the chance of creating security holes that are easy to discover. Well-tested libraries are therefore the best choice here.

4. Treating Security to be Your Last Step

Security is not something that can be bolted on at the end of a process. It has to be built in as the very foundation of the whole project, not treated as just another feature that can be developed at any time. It is in such scenarios that your application becomes prone to misconfigurations and to vulnerabilities like SQL injection.

5. Developing Plain Text Password Storage

Web security can be further improved by storing passwords safely. Storing passwords in plain text is the most common and most dangerous mistake and must be avoided: passwords should never be kept in the database as plain text, and only the data you actually need should be stored there.

6. Creating Weak Passwords

If you are a developer concerned about the safety of the app, you will have to set clear rules for passwords.
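Mistakes 5 and 6 together come down to two routines: a password store that keeps only a salted, slow hash, and a policy check applied before anything is stored. The following is an added example, not the page's code. It uses PBKDF2-HMAC-SHA256 from the Python standard library (bcrypt, scrypt or Argon2 via a library are equally good choices); the iteration count, the minimum length and the tiny common-password list are choices made for this illustration.

```python
import hashlib
import hmac
import os

# Added example; the parameters below are illustrative choices, not the page's.
ITERATIONS = 200_000          # PBKDF2 work factor; raise it as hardware gets faster
SALT_BYTES = 16
MIN_LENGTH = 12               # assumed policy: minimum password length
# Constructed short denylist; a real one would be a large breached-password list.
COMMON_PASSWORDS = {"password", "123456789012", "qwertyuiop12", "letmein12345"}


def hash_password(password):
    """Return a self-describing record: algorithm$iterations$salt$hash (hex fields)."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the hash with the stored salt/iterations and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False                      # malformed record
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def password_policy_errors(password):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("shorter than {} characters".format(MIN_LENGTH))
    if password.lower() in COMMON_PASSWORDS:
        errors.append("appears in the common-password list")
    return errors


def register_user(users, username, password):
    """Store only the hash; returns False (and stores nothing) if the policy is violated."""
    if password_policy_errors(password):
        return False
    users[username] = hash_password(password)
    return True


if __name__ == "__main__":
    users = {}
    print(register_user(users, "alice", "correct horse battery staple"))   # True
    print(register_user(users, "bob", "password"))                         # False
    print(verify_password("correct horse battery staple", users["alice"]))  # True
    print(verify_password("wrong guess", users["alice"]))                   # False
    print(users["alice"][:40] + "...")  # the stored record never contains the password
```

Because the salt is random, hashing the same password twice yields two different records, so a leaked table does not reveal which users share a password; the iteration count is stored with the hash so it can be raised later without invalidating existing records.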

7. Storing Unencrypted Data in the Database

Storing all significant details unencrypted is one of the most common data storage mistakes. It puts user data at great risk whenever your database is compromised; when the database is attacked, encryption is the only thing that will prevent a huge loss of information. Every developer should keep in mind that hackers can go after anything that is stored online.

8. Depending Excessively on the Client Side

Relying heavily on client-side code means the developer loses control over the critical functions of the app, and with it a large part of the control over security.

9. Being Too Optimistic

A good developer should always be aware that web security is a never-ending process, because there is always the possibility of a security hole. With this in mind, a good developer should be constantly ready to search for and fix mistakes.

10. Permitting Variables via the URL Path Name

Placing variables in the URL is a very grave mistake, since it usually allows anyone to freely download any file containing important data that your app keeps.
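The download case is the usual way this mistake bites: a file name taken from the URL is joined onto a directory and served as-is, so `..` segments or an absolute path reach files the app never meant to expose. As an added example (not the page's code), the helper below resolves a requested name inside a fixed download directory and refuses anything that escapes it; the second helper shows the safer design of exposing opaque IDs in the URL instead of file names. The temporary directory and the `report.pdf` fixture are constructed here.

```python
import os
import tempfile

# Added example, not the page's code: serve downloads from one directory only.
# Constructed mapping for the "opaque ID" design; real apps would keep this in a table.
DOWNLOAD_IDS = {"r1": "report.pdf"}


def resolve_download(base_dir, requested):
    """Map a user-supplied file name onto a path inside base_dir.
    Returns the absolute path, or None if the request uses an absolute path,
    escapes the directory, or names something that is not a regular file."""
    base = os.path.realpath(base_dir)
    if os.path.isabs(requested):
        return None
    # realpath collapses '..' segments and resolves symlinks before the check
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        return None
    if not os.path.isfile(target):
        return None
    return target


def resolve_by_id(base_dir, download_id):
    """Safer design: the URL carries an ID, and the file name never leaves the server."""
    name = DOWNLOAD_IDS.get(download_id)
    if name is None:
        return None
    return resolve_download(base_dir, name)


def make_demo_dir():
    """Constructed fixture: a download folder holding one public report."""
    base = tempfile.mkdtemp(prefix="downloads_")
    with open(os.path.join(base, "report.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4 constructed sample\n")
    return base


if __name__ == "__main__":
    base = make_demo_dir()
    for req in ("report.pdf", "../../../etc/passwd", "/etc/passwd", "missing.pdf"):
        print(repr(req), "->", resolve_download(base, req))
    print("id r1 ->", resolve_by_id(base, "r1"))
```

The check compares the resolved real path against the real base directory rather than looking for `..` in the string, so encoded, doubled or symlinked variants of the same escape are all caught by the same rule.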

These common web security vulnerabilities establish the fact that security should be the prime concern for all developers whether they are working on a startup or in the process of developing a huge business-related project.

What is an SQL Injection (SQLI)

What is SQL Injection (SQLI) Attack?

SQL Injection (SQLI) is an attack technique in which hackers take control of a web application by injecting malicious SQL code into the queries it sends to its backend database. SQLI attacks are widespread because they are easy to perform and require very little technical knowledge. SQLI is a web application issue that many developers are unaware of.

SQL Injection Types

Hackers insert malicious SQL code using different methods, which include retrieving data through errors, through conditions, and through timing. Let’s take a detailed look at the SQL injection types:

  • Error Based SQL Injection
  • SQL Injection Based on Boolean Errors
  • SQL Injection done through Time Based Query

1. Error Based SQL Injection:

In this method hackers can easily fetch details such as table names and content from visible database errors, which are easy to spot on production servers. The best defence is to avoid displaying database error messages, which prevents hackers from harvesting that information.

2. SQL Injection Based on Boolean Errors:

In some cases no error message is displayed on the page when an SQL query fails, which makes it harder for hackers to get into the vulnerable application. But there is still a way for them to find information: whenever an SQL query fails, some parts of the web page disappear or the whole page fails to load.

Having observed this behaviour, the hacker inserts a true or false condition into the SQL query to test how vulnerable the application is and how close data extraction is.

Example:
https://xyz.com/index.php?id=1+AND+1=1

After inserting this condition, if the website loads normally it indicates that the site may be vulnerable to SQL injection. To confirm the suspicion, the hacker then supplies a false condition:

https://xyz.com/index.php?id=1+AND+1=2

Since this condition is false, if the web page no longer works as usual, the page is vulnerable to an SQL injection attack.

3. SQL Injection done through Time Based Query:

In many cases a vulnerable SQL query produces no visible change in the web page, but it can still be found. Here hackers instruct the database to wait for a certain period before responding. If the site ignores this and loads without any pause, it is not vulnerable. The SQL query used is similar to the Boolean attack but includes a sleep function; for example, a sleep time of 5 seconds instructs the database to sleep for 5 seconds before responding.

Example Query:
https://xyz.com/index.php?id=1+AND+IF(version()+LIKE+'8%',sleep(5),false)

Methods to Prevent SQL Injection:

Malicious SQL queries can be avoided by:

  • replacing or escaping special characters such as ( "", "%", "\", "_", "#" )
  • using stored procedures in the database
  • using prepared statements in queries

Locating these SQL queries manually would prove costly, and there is a chance of missing some. Hence, getting website security software is a good step.

Implementing web security software helps to validate this issue by thoroughly checking each and every query. Even if a vulnerable query is found, it makes sure the web page loads properly by keeping those queries away from the database.
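The Boolean-based probe from the types section and the prepared-statement advice from this list can be seen side by side in one short program. The following is an added example, not the page's code: it builds a constructed in-memory SQLite catalogue, looks up a product once with string concatenation (the mistake) and once with a bound parameter (the fix), and includes a self-check a developer can run against their own endpoint to see whether a true versus false appended condition changes the response.

```python
import sqlite3

# Added example, not the page's code. Constructed in-memory catalogue.


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", [(1, "widget"), (2, "gadget")])
    return conn


def lookup_vulnerable(conn, product_id):
    """The mistake: the request parameter is pasted into the SQL text, so an
    appended 'AND 1=2' becomes part of the query and changes the result."""
    sql = "SELECT name FROM products WHERE id = " + product_id
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, product_id):
    """The fix: the driver binds the value to the placeholder; whatever the
    string contains is compared as data and is never parsed as SQL."""
    rows = conn.execute("SELECT name FROM products WHERE id = ?", (product_id,))
    return [row[0] for row in rows]


def has_boolean_differential(lookup, conn, base_id="1"):
    """Self-test for your own endpoint: does a true vs. false appended condition
    change the response? If so, the query text is under the caller's control."""
    true_probe = lookup(conn, base_id + " AND 1=1")
    false_probe = lookup(conn, base_id + " AND 1=2")
    return true_probe != false_probe


if __name__ == "__main__":
    conn = make_db()
    for fn in (lookup_vulnerable, lookup_parameterized):
        print(fn.__name__)
        print("  id=1          ->", fn(conn, "1"))
        print("  id=1 AND 1=1  ->", fn(conn, "1 AND 1=1"))
        print("  id=1 AND 1=2  ->", fn(conn, "1 AND 1=2"))
        print("  differential  ->", has_boolean_differential(fn, conn))
```

With the concatenated query the two probes return different rows, which is exactly the signal the Boolean technique relies on; with the bound parameter both probes return nothing, because the whole string is compared against the integer column as a literal and no row has that id. Validating that `id` is an integer before the query is a worthwhile extra layer, but the parameter binding is what removes the injection.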

Top 10 Vulnerability Assessment Scanning Tools

Vulnerability assessment enables recognizing, categorizing and characterizing the security holes, known as vulnerabilities, among computers, network infrastructure, software, and hardware systems.

If vulnerabilities are detected during a vulnerability assessment, they need to be disclosed. Such disclosures are usually handled by dedicated teams, such as the organization that discovered the vulnerability or a Computer Emergency Readiness Team (CERT). These vulnerabilities become the key source for malicious activities like cracking websites, systems, LANs and so on.

6 Easy Steps for Assessing the Vulnerability Security of Any Network

1. Identify and understand how your company or industry is structured and managed.
2. Trace the data, systems and applications that are used throughout the business's operations.
3. Examine the unobserved data sources that could allow easy access to protected information.
4. Classify both the virtual and physical servers that run the essential business applications.
5. Track all the security measures that are already implemented.
6. Inspect the network for any vulnerability.

Vulnerability Scanners

Vulnerability scanners automate security auditing and can play a vital part in your IT security by scanning your network and websites for different security risks. They generate a prioritized list of what you should patch, describe the vulnerabilities and provide steps on how to remediate them. Some can even automate the patching process.

Top 10 Vulnerability Assessment Scanning Tools

  • Comodo HackerProof
  • OpenVAS
  • Nexpose Community
  • Nikto
  • Tripwire IP360
  • Wireshark
  • Aircrack
  • Nessus Professional
  • Retina CS Community
  • Microsoft Baseline Security Analyzer (MBSA)

1. Comodo HackerProof

Comodo’s HackerProof is a vulnerability scanning and trust-building tool that helps overcome your visitors' security concerns. A few key benefits of HackerProof:

  • Reduce cart abandonment
  • Daily vulnerability scanning
  • PCI scanning tools included
  • Drive-by attack prevention
  • Build valuable trust with visitors
  • Convert more visitors into buyers

Besides the above-mentioned benefits, HackerProof also provides the visual indicator needed by your customers to feel safe transacting with you. It helps decrease shopping cart abandonment, enhance conversion rates, and drive your overall revenue up. Finally, it includes patent-pending scanning technology, SiteInspector, which is capable of eliminating drive-by attacks, thus providing a new level of security for all those who proudly display the HackerProof logo.

2. OpenVAS

This is an open source tool serving as a central service that provides vulnerability assessment tools for both vulnerability scanning and vulnerability management.

  • OpenVAS supports different operating systems
  • The scan engine of OpenVAS is constantly updated with the Network Vulnerability Tests
  • OpenVAS scanner is a complete vulnerability assessment tool identifying issues related to security in the servers and other devices of the network
  • OpenVAS services are free of cost and are usually licensed under GNU General Public License (GPL)

3. Nexpose Community

Developed by Rapid7, Nexpose vulnerability scanner is an open source tool used for scanning the vulnerabilities and carrying out a wide range of network checks.

  • Nexpose can be incorporated into the Metasploit framework
  • It takes into account the age of the vulnerability, which malware kits use it, what advantages it offers attackers, etc., and fixes the issue based on its priority
  • It automatically detects and scans new devices and evaluates their vulnerabilities when they join the network
  • It monitors the exposure of vulnerabilities in real time, adapting to the latest threats with new data
  • Most of the vulnerability scanners usually categorize the risks employing a medium or high or low scale

4. Nikto

Nikto is a widely admired open source web scanner used to assess probable issues and vulnerabilities.

  • It is also used for verifying whether the server versions are outdated, and also checks for any particular problem that affects the functioning of the server
  • Nikto is used to perform a variety of tests on web servers in order to scan different items like a few hazardous files or programs
  • It is not a stealthy tool; it is used to test a web server in the least possible time
  • It is used for scanning different protocols like HTTPS, HTTPd, HTTP etc. This tool allows scanning multiple ports of a specific server.

5. Tripwire IP360

Developed by Tripwire Inc, Tripwire IP360 is considered to be a leading vulnerability assessment solution that is employed by different agencies and enterprises in order to manage their security risks.

  • It uses a wide-ranging view of networks to spot all the vulnerabilities, configurations, applications, network hosts etc.
  • It uses the open standards to help in the integration of risk management and vulnerability into multiple processes of the business

6. Wireshark

Wireshark is an extensively used network protocol analyzer, considered one of the most powerful tools in the security practitioner's toolkit.

  • Wireshark is used across different sectors, such as government agencies, enterprises and educational institutions, to look into networks at a microscopic level
  • It captures traffic online and performs the analysis offline
  • It runs on different platforms like Linux, macOS, Windows, Solaris etc.

7. Aircrack

Aircrack, also known as Aircrack-ng, is a set of tools used for assessing WiFi network security.

  • Aircrack tools are also used in network auditing
  • It supports multiple OS like Linux, OS X, Solaris, NetBSD, Windows etc.
  • It focuses on different areas of WiFi Security like monitoring the packets and data, testing the drivers and cards, replaying attacks, cracking etc.
  • With Aircrack, it is possible to retrieve the lost keys by capturing the data packets

8. Nessus Professional

Nessus tool is a branded and patented vulnerability scanner created by Tenable Network Security.

  • It prevents the networks from the penetrations made by hackers by assessing the vulnerabilities at the earliest
  • It can scan the vulnerabilities which permit remote hacking of sensitive data from a system
  • It supports an extensive range of OSs, DBs, applications and several other devices across cloud infrastructure and virtual and physical networks
  • It has been installed and used by millions of users all over the world for vulnerability assessment, configuration issues etc.

9. Retina CS Community

Retina CS is an open source and web-based console that has helped the vulnerability management to be both simplified and centralized.

  • With its feasible features like compliance reporting, patching and configuration compliance, Retina CS provides an assessment of cross-platform vulnerability
  • Retina CS helps save the time, cost and effort of managing network security
  • It is included with automated vulnerability assessment for DBs, web applications, workstations, and servers
  • Being an open source application, Retina CS presents complete support for virtual environments like vCenter integration, virtual app scanning etc.

10. Microsoft Baseline Security Analyzer (MBSA)

MBSA is a free Microsoft tool ideal for securing a Windows computer based on the specifications or guidelines set by Microsoft.

  • MBSA lets organizations improve their security process by examining a group of computers for misconfigurations, missing updates and missing security patches
  • It can only scan for security updates, service packs and update rollups putting aside the Critical and Optional updates
  • It is used by medium-sized and small-sized organizations for managing the security of their networks
  • After scanning a system, MBSA will present a few solutions or suggestions related to fixing of the vulnerabilities

Protect Your Website From A Bot Hack

Many people believe that their websites are safe and that they will not be attacked by hackers. They live with the assumption that their business is too small to be hacked. The time has come to do away with such assumptions and think about ways to cure their website.

Attackers on the internet do not always target specific sites. Most attacks are carried out by bots, which are not concerned with who you are or what your website or business does. Scanning your website to determine whether you are infected is the first step in protecting against malware such as bots, trojans, worms and viruses, to mention a few.

Imperva, a web security company, points out that half of all website visitors are bots and that almost 29% have malicious intent towards your website. The finding further revealed that the less traffic a website has, the more likely it is to be attacked. This proves that bad bots will attack any website regardless of its purpose and regardless of how heavily visited it is. We need to realize that bots are not human but automated attacks, indifferent to the website, with the primary goal of breaching websites and increasing the number of sites under their control.

Example of a Bot Hack

Recently, Honeynet, a global non-profit security research organization, set up a honeypot for tracking security attacks on a cloud-based web server. This ran on a barebones Amazon Web Services (AWS) instance. It did not have a domain name nor was running services that would be useful to anyone else. A short while after starting the server, they began capturing network packets for a 24-hour time frame using Wireshark, the best network traffic analysis tool currently available. This was followed by examining the packet capture file with Wireshark; p0f, a passive TCP/IP traffic fingerprinting program; and Computer Incident Response Center’s (CIRCL) Border Gateway Protocol (BGP) ranking API.

Within a matter of 24 hours, this unnamed and almost invisible web server was under attack more than a quarter of a million times. This example is thus a wake-up call for you to start locking down your website.

Most of these attacks were made via Secure Shell (SSH). This was followed by researchers opening a honeypot to gather attack data. A honeypot refers to a server that has been designed to look just like a real website. In order to keep the project workable, the researchers decided to open up the Web’s Hypertext Transfer Protocol (HTTP), SSH, and also the Telecommunications Network (Telnet) protocol for attacks.

  • HTTP

Most HTTP attacks were carried out against phpMyAdmin, a well-known MySQL and MariaDB remote management system. A number of web content management systems depend on these databases. Vulnerable WordPress plugins were also often attacked. It should be noted that this was done on a system that hadn’t emitted a single packet towards the outside world even in honeypot mode.

  • Telnet

A few IoT gadgets use Telnet for configuration and management. This is actually asking for your devices to be hacked.

  • SSH

As for SSH, an increasing number of the attacks were brute-force assaults running via lists of commonly used passwords and usernames over the entire range, 1-65535, of TCP ports.
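The SSH brute-force pattern described here (many failed passwords for many usernames from one source in a short time) is easy to pick out of an sshd log, which is the first thing to check on a server that has been exposed the way the honeypot was. The following is an added example, not Honeynet's or Imperva's code: it parses constructed `sshd` "Failed password" lines in syslog format, counts failures per source address in a sliding window, and reports the addresses and the usernames they tried. The window, threshold and year (syslog timestamps carry none) are assumptions of this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not the page's code. Matches OpenSSH "Failed password" lines
# in classic syslog layout: "Mon DD HH:MM:SS host sshd[pid]: Failed password for ..."
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_failures(lines, year=2018):
    """Return (timestamp, source_ip, username) for every failed-password line."""
    events = []
    for line in lines:
        m = FAILED_RE.match(line.strip())
        if not m:
            continue                      # accepted logins and other lines are skipped
        ts = datetime.strptime("{} {}".format(year, m["ts"]), "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag source addresses with >= threshold failures inside any `window`.
    Returns {ip: {"failures": total, "usernames": [...]}}."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(lines):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):   # sliding window over sorted timestamps
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = {
                    "failures": len(attempts),
                    "usernames": sorted({u for _, u in attempts}),
                }
                break
    return flagged


# Constructed log excerpt: one address cycling through common usernames,
# plus a single typo and a successful key login from a legitimate user.
SAMPLE_LOG = [
    "Mar 10 12:00:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 52133 ssh2",
    "Mar 10 12:00:04 web01 sshd[2213]: Failed password for root from 203.0.113.5 port 52140 ssh2",
    "Mar 10 12:00:09 web01 sshd[2215]: Failed password for invalid user pi from 203.0.113.5 port 52151 ssh2",
    "Mar 10 12:00:15 web01 sshd[2218]: Failed password for invalid user test from 203.0.113.5 port 52162 ssh2",
    "Mar 10 12:00:22 web01 sshd[2220]: Failed password for invalid user ubuntu from 203.0.113.5 port 52170 ssh2",
    "Mar 10 12:00:31 web01 sshd[2223]: Failed password for root from 203.0.113.5 port 52181 ssh2",
    "Mar 10 12:03:45 web01 sshd[2240]: Failed password for alice from 198.51.100.7 port 40122 ssh2",
    "Mar 10 12:04:02 web01 sshd[2244]: Accepted publickey for alice from 198.51.100.7 port 40130 ssh2: ED25519 SHA256:constructed",
]

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, "->", info["failures"], "failures, usernames tried:", ", ".join(info["usernames"]))
```

The same parser feeds a block list or a firewall rule; the list of usernames tried is worth keeping, since "root", "admin" and "pi" from one address within seconds are the signature of a password-list bot rather than a user who mistyped.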

Conclusion

Imperva has discovered that one in three website visitors is, in fact, an attack bot. Imperva and Holberton also discovered that the attack patterns recorded for SSH and HTTP depended on generic exploit attempts that seemed to scan different IP addresses for common vulnerabilities. Telnet relied on much simpler intrusion methods by brute forcing with combinations of default usernames and passwords.

These attacks are driven by bots and botnets that go after any and all sites they discover. These automated hackers are hunting for websites that are unprotected and weak.

It is thus essential for you to secure your website using fundamental security rules. Some of these basic rules are listed below:

  • Use firewalls to block all ports to your site except for the ones you use
  • Disable any internet-facing services unless you are using them
  • Keep your software patched and up to date
  • Scan websites for malware attacks
  • Update your site as soon as a new Content Management System (CMS) version or plugin is available

Are You One of the Millions Secretly Victimized by Cryptojacking

Bitcoin… Blockchain… Cryptocurrency… and Now Cryptojacking!

I know what you’re thinking… I have nothing to do with these technologies, why should I care?

As of March 2018, the market cap for cryptocurrencies surpassed $264 billion and has become the new bull’s eye for cybercriminals.

And the bottom-line is… if you have a website, then you need to know how to protect your website and its visitors from hackers.

Cryptocurrency, Mining, and Cryptojacking 101

Nearly everyone has heard of the surge in value of cryptocurrencies such as Bitcoin, Ethereum, Monero, and Zcash. But what is the relevance of mining cryptocurrencies and how does it really affect me?

With regular money, there is a central bank that authorizes the issue of new notes and like any man-made system, it is prone to corruption.

Enter the world of digital money, aka cryptocurrency, designed to be absolutely secure and anonymous.

Cryptocurrencies allow users to make secure payments without having to go through banks.

Generated through a process known as ‘mining’, or cryptomining, transactions are verified and added to the blockchains (digital ledgers) to prevent deception, fraud, corruption, and the like.

The verification of these blockchains requires serious CPU power, to the extent of an entire warehouse with computers from floor to ceiling and the titanic electric bill that follows.

As payment for these huge costs, cryptominers are paid cryptocurrencies as fees by the merchants of each transaction.

Sounds pretty fair, right? Payment for services rendered.

Well it sounds pretty fair to cybercriminals too, minus the warehouse, minus the hardware, and minus the electric bill.

This is where you come in and this is where you get cryptojacked!

These cybercriminals target computers, servers, and networks, in order to mine for cryptocurrency using your resources such as websites, computers, and electricity.

Basically, you pay for the resources and they reap the financial benefits, to the tune of millions of dollars!

On April 4th, 2018, an unknown hacker attacked the Verge cryptocurrency platform. The attack lasted a minuscule three hours, but it was unofficially reported that the attacker stole a whopping $1,373,544. Since then, the firm has updated the system with a patch to prevent further exploitation.

How a Cryptojacker Infiltrates

There are several ways cryptojackers infiltrate a victim’s computer to secretly mine cryptocurrencies.

Cryptojacking requires no download, starts immediately, and is completely unnoticeable.

The undetectable nature by which it performs makes it the new stealth bomber of the cyber threat industry.

In either case, the malicious code runs stealthily on the victims’ computers, stealing CPU resources and secretly mining cryptocurrencies for the hacker.

Danger to Website Owners and Their Visitors

Cryptojacking is dangerously effective and with the recent rise of Bitcoin, cybercriminals are redirecting their focus away from ransomware in favor of cryptocurrency mining.

In its latest report, the U.K.’s National Cyber Security Centre emphasizes cryptojacking as a “significant” concern.

The report noted that 55 percent of businesses worldwide suffered from cryptomining attacks last December.

The agency added that “we assume the majority of cryptojacking is carried out by cyber criminals, but website owners have also targeted visitors to their website and used the processing power of visitors’ CPUs, without their knowledge or consent, to mine cryptocurrency for their own financial gain.”

Massive Impact of Cryptojacking

The most recent quarterly report from Comodo Cybersecurity Threat Research Lab stated: “During Q1 2018, Comodo Cybersecurity detected 28.9 million cryptominers incidents”. Also noting that, “cryptocurrencies have become a favorite target of cybercriminals”.

Furthermore the report outlined the number of unique cryptominer variants grew from 93,750 in January to 127,000 in March, as shown in Fig. 1 below. At the same time, ransomware activity decreased 42% from 124,320 to 71,540 from January to March.

No one knows for certain how much cryptocurrency is mined through cryptojacking, but it definitely doesn’t require significant technical skills. According to the report from Digital Shadows, “The New Gold Rush: Cryptocurrencies Are the New Frontier of Fraud”, cryptojacking kits are available on the dark web for as little as $30.

Is There a Cure for Cryptojacking?

Cryptojacking is clearly a significant concern for 2018 and the only way a user may notice their devices are being cryptojacked is a slowdown in performance.

Since this happens to most of us at one point or another, it will leave us questioning… have I been cryptojacked???

As these attacks are continuously evolving and still in their infancy, one of the better solutions would be real-time monitoring of your website.

Yet who has the time or the knowledge?

There are a few organizations with the network and the monitoring tools or the capabilities to analyze that information for accurate detection.

One such service is cWatch Web and it’s backed by human intelligence and a team of cybersecurity analysts. So don’t get cryptojacked! Protect yourself and your website with continuous monitoring and protection.

Don’t count on your existing endpoint protection tools to stop cryptojacking. Crypto mining code can hide from signature-based detection tools and desktop antivirus tools won’t see them.

And since you don’t have a help desk or can’t train your help desk to look for the signs, deploying a monitoring solution might be your best bet to detecting cryptomining activity.

How To Tell If a Website Is safe

From shopping online to managing our finances, or just connecting on social, we are completely dependent on websites.

Rather naïvely, we also traded our “trust” for those conveniences. Let me explain how…

We would never buy merchandise in a shady street from the back of a truck.

Yet that’s exactly what we’re doing when we don’t check the security of a website.

We are getting fooled by fake websites that are designed to take our private information and our hard-earned money.

Here’s how you can tell if a website is safe and learn how to protect yourself:

Let’s start at the top of your browser, as it holds some clues. The address bar shows the web address. Sites using an encrypted connection have an address that starts with HTTPS rather than HTTP; the “S” stands for “Secure”. They also show a padlock icon in the browser. So, if you see HTTPS and the padlock, the connection between you and that site is encrypted and the site holds a valid certificate for the name in the address bar. That proves the connection is protected from eavesdropping and tampering; it says nothing about whether the site’s operator is honest.

But what about the company behind the website? How do you know it’s not a criminal with a secure connection? For years browsers tried to make this easy by showing a verified company name, often on a green background, in the address bar.

It works like this: organizations that depend on trust can have their legal identity reviewed by independent companies called Certificate Authorities. If the organization passes those checks, the Certificate Authority issues an Extended Validation (EV) SSL certificate that carries the verified company name, and browsers that support the EV indicator show that name beside the address. A plain domain-validated certificate, by contrast, proves only control of the domain name and carries no company name at all.

Just like traffic signals, the colours mean stop and go. Red, or a struck-through HTTPS, means the browser could not validate the certificate (expired, issued for a different name, or from an untrusted issuer), and you should not send that site anything sensitive. Green with a company name means a Certificate Authority verified that legal entity. The review process makes it harder, though not impossible, for criminals to obtain such a certificate, so read the name: it must be the company you expect, not a look-alike. Note also that the major browsers have since moved the EV company name out of the address bar and into the certificate details behind the padlock, so its absence no longer tells you anything on its own.

Now, if you are just reading the news or checking the weather, the stakes are lower, so don’t be alarmed if there is no HTTPS, padlock or green bar, although bear in mind that an unencrypted page can be modified in transit by anyone on the path. Security matters most when you send sensitive information such as credit card details or passwords.
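The checks the browser performs behind the padlock can be reproduced on the certificate data it receives. The following is an added example for this article, not code from Comodo or from any browser: it takes certificate dictionaries in the shape that Python’s `ssl.SSLSocket.getpeercert()` returns (the two certificates below are constructed, not real), checks the address-bar name against the certificate’s DNS names with the wildcard rule browsers use, checks the validity period, and reports whether the subject carries an organization name (identity validated) or only a domain name (encrypted only). Chain validation against trusted roots is done by the TLS library before `getpeercert()` ever returns, and telling EV apart from ordinary organization validation needs the CA’s EV policy OID, which this dictionary does not expose, so the verdict stops at “organization present”.

```python
import ssl

# Constructed certificate dictionaries in the shape that Python's
# ssl.SSLSocket.getpeercert() returns (not real certificates).
DV_CERT = {
    "subject": ((("commonName", "www.example-shop.test"),),),
    "issuer": ((("organizationName", "Some Public CA"),),),
    "subjectAltName": (("DNS", "www.example-shop.test"), ("DNS", "example-shop.test")),
    "notBefore": "Jan  1 00:00:00 2018 GMT",
    "notAfter": "Dec 31 23:59:59 2018 GMT",
}
OV_CERT = {
    "subject": (
        (("countryName", "GB"),),
        (("organizationName", "Example Shop Ltd"),),
        (("commonName", "*.example-shop.test"),),
    ),
    "issuer": ((("organizationName", "Some Public CA"),),),
    "subjectAltName": (("DNS", "*.example-shop.test"), ("DNS", "example-shop.test")),
    "notBefore": "Jan  1 00:00:00 2018 GMT",
    "notAfter": "Dec 31 23:59:59 2018 GMT",
}
NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2018 GMT")    # inside the validity period
LATER = ssl.cert_time_to_seconds("Mar  1 12:00:00 2019 GMT")  # after notAfter


def _dns_name_matches(pattern, hostname):
    """RFC 6125-style comparison: a wildcard may only replace the whole leftmost
    label, so *.example-shop.test covers shop.example-shop.test but neither
    example-shop.test nor a.b.example-shop.test."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split(".")[1:], hostname.split(".")
        return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels
    return pattern == hostname


def hostname_matches(cert, hostname):
    """Browsers match the address-bar name against the subjectAltName DNS
    entries only; the commonName is ignored."""
    dns_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(_dns_name_matches(name, hostname) for name in dns_names)


def subject_field(cert, field):
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None


def assess_certificate(cert, hostname, now):
    """Replay the address-bar decision for one certificate at time `now`."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    org = subject_field(cert, "organizationName")
    result = {
        "hostname_ok": hostname_matches(cert, hostname),
        "in_validity_period": not_before <= now <= not_after,
        "organization": org,
    }
    if not (result["hostname_ok"] and result["in_validity_period"]):
        result["verdict"] = "invalid: expect a red or broken-padlock warning"
    elif org is None:
        result["verdict"] = "encrypted only: domain-validated, no identity checked"
    else:
        result["verdict"] = f"encrypted and identity-validated for {org}"
    return result


if __name__ == "__main__":
    print(assess_certificate(DV_CERT, "www.example-shop.test", NOW)["verdict"])
    print(assess_certificate(OV_CERT, "shop.example-shop.test", NOW)["verdict"])
    print(assess_certificate(DV_CERT, "www.example-shop.test", LATER)["verdict"])
```

The point to take from the output is that both certificates give the same padlock: the only difference the visitor can act on is the organization name, and that name must be checked against who they think they are dealing with.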

For additional security, you can also use Comodo’s SiteInspector, a free tool that scans websites for malware and monitors whether they appear on blacklists.

For website owners, cWatch Web can scan your site and remove malware from it for free.

DDoS In A Nutshell

Distributed Denial of Service (DDoS) is a major threat to your website. Here’s why…

DDoS attacks target websites and businesses of every size, including individual live streamers.

With more than 50 million attacks every year, they’re on the rise, growing in frequency and strength and increasingly used for hacktivism.

That’s almost two attacks for every second of each day in a year!

Attacks have increased by 125 percent year on year, with a 35 percent jump in attack duration; a typical attack now lasts between 6 and 24 hours.

With the emergence of IoT botnets, DDoS attacks have reached even higher traffic rates.

They account for a staggering one-third of all website downtime, and an attack can be purchased for as little as $150 on the black market.

In a nutshell, DDoS attacks have existed for years, but now they’ve evolved to be more devastating and easier to launch than ever before.

As cybercriminals develop more destructive techniques, everyone who uses the internet should learn about DDoS attacks and how to protect against them.

How Do DDoS Attacks Occur?

DDoS attacks disrupt normal operations by degrading performance and availability. How?

At its most basic level, a DDoS attack overwhelms your website with so much traffic that it becomes slow, then unresponsive, and ultimately crashes.

To orchestrate this symphony of traffic, an attacker uses many remotely controlled devices that have already been infected with malware; each one is known as a bot, short for robot.

A collection of these infected devices is called a botnet.

Basically, an army of remote control zombies ready to disable or destroy any system in its path.

Unfortunately, the bad news doesn’t end there, because not all DDoS attacks come from botnets: reflection and amplification attacks bounce spoofed requests off legitimate servers, such as open DNS resolvers, whose much larger replies then flood the victim.

Types Of DDoS Attacks

DDoS attacks fall into three broad categories, depending on which layer of the stack they target.

1. Volumetric Attacks (also known as Network-Centric Attacks)
a. The most common type of DDoS attack
b. Use botnets or reflection to consume all available bandwidth
c. Examples include NTP amplification, DNS amplification, UDP floods and TCP floods

2. State-Exhaustion Attacks (also known as Protocol Attacks)
a. Exploit weaknesses in the Layer 3 and Layer 4 protocol stack
b. Exhaust the connection-state tables of firewalls, web application servers and load balancers
c. Examples include SYN floods and Ping of Death

3. Application-Layer Attacks
a. The most sophisticated attacks and the hardest to identify and mitigate
b. Can be launched from a single machine at a low request rate, so they are stealthy and often fly “under the radar”
c. Examples include HTTP floods and floods aimed at DNS, HTTPS and SMTP services

DDoS Protection

Here are some security measures for successful DDoS protection:

1. Extra Bandwidth: An effective way to improve DDoS resilience is to increase the bandwidth available to your web server. This allows your website to absorb sudden and unexpected surges in traffic. However, this is more of a buffer than a complete solution: it buys you critical time to act before your resources are overwhelmed, and a large volumetric attack will exceed any bandwidth you can provision yourself.

2. Defend the Network Perimeter: You can also harden your network perimeter with measures such as

i) rate limiting on your router, so that a single source cannot overwhelm the web server
ii) dropping spoofed or malformed packets
iii) lowering the SYN, ICMP and UDP flood thresholds at which your firewall starts dropping traffic

However, this is very technical and requires some incident-handling knowledge to respond to DDoS attacks effectively.

3. DDoS Specialist: Another option is to hire a DDoS specialist who can save you during the crisis. However, this requires deep pockets, as it is very costly.

4. cWatch Web: Since the above options may not be within your budget or expertise, cWatch Web arms you with DDoS protection as a turnkey defense system. This web security solution comes equipped with the cure, the prevention and live 24/7/365 assistance.
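The thresholds in step 2, and the detection a monitoring service performs for you in step 4, come down to the same mechanism: count events per source (or per target) over a sliding window and act when the count passes a limit. The following is an added example written for this article, not cWatch Web’s detection logic or any vendor’s: it applies that sliding-window counter to web-server access-log lines to spot an HTTP flood, both the single noisy source that a per-IP limit catches and the distributed flood from many low-rate bots that only a per-target count reveals. The log format is assumed to be the common Apache/nginx shape, the thresholds are illustrative, and the traffic is constructed rather than captured. The same `SlidingWindowDetector` keyed by source address works unchanged for SYN, UDP or ICMP packet events at the perimeter.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" access-log shape (the assumed log format here).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (client_ip, path, unix_timestamp) or None for an unparseable line."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group("ip"), m.group("path"), ts


class SlidingWindowDetector:
    """Counts events per key over the last `window` seconds and records the
    first time a key exceeds `threshold` events inside that window."""

    def __init__(self, window, threshold):
        self.window, self.threshold = window, threshold
        self.events = defaultdict(deque)
        self.flagged = {}  # key -> timestamp of first breach

    def observe(self, key, ts):
        q = self.events[key]
        q.append(ts)
        while ts - q[0] > self.window:  # drop events that have aged out
            q.popleft()
        if len(q) > self.threshold and key not in self.flagged:
            self.flagged[key] = ts
        return len(q)


def detect_http_flood(lines, window=10, per_source=20, per_path=200):
    """Run a per-source and a per-target detector over log lines (any order)."""
    by_source = SlidingWindowDetector(window, per_source)  # one noisy client
    by_path = SlidingWindowDetector(window, per_path)      # many quiet clients, one target
    events = [e for e in map(parse_line, lines) if e is not None]
    for ip, path, ts in sorted(events, key=lambda e: e[2]):
        by_source.observe(ip, ts)
        by_path.observe(path, ts)
    return {"sources": sorted(by_source.flagged), "paths": sorted(by_path.flagged)}


# Constructed sample traffic (not a real capture): one ordinary visitor, one
# single-source flood of 50 requests in 5 seconds, and one distributed flood
# in which 30 bots each send 8 requests to /login within 8 seconds.
def _line(ip, second, path):
    return f'{ip} - - [10/Oct/2018:13:55:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


SAMPLE_LOG = (
    [_line("198.51.100.7", s, "/") for s in (0, 15, 40)]
    + [_line("203.0.113.9", s // 10, "/search?q=x") for s in range(50)]
    + [_line(f"192.0.2.{i}", s, "/login") for s in range(8) for i in range(1, 31)]
)

if __name__ == "__main__":
    print(detect_http_flood(SAMPLE_LOG))
```

Per-IP limits are the easy half; the botnet case is why step 2 on its own is not enough. None of the 30 bots exceeds the per-source limit, so only the aggregate count on `/login` reveals the attack, and acting on it means rate-limiting or challenging traffic to that path rather than blocking an address.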

US Military and Government Websites Hacked

US Military and Government Websites Hacked! Is Your Website Safe?

Today’s cybercriminals are more fearless than your average criminals.

Even the worst of villains would never attack a U.S. Military facility (unless you’re watching a movie).

Whereas in cyberspace, all targets are at risk, regardless of government or military status.

Cybercriminals clearly do not discriminate when it comes to intruding on websites.

Last month a California hacker was arrested for defacing numerous military, government, and business websites, including West Point’s Combating Terrorism Center and the New York City Comptroller’s Office.

According to the Department of Justice, the hacker allegedly exploited a well-known class of web vulnerability, Cross-Site Scripting (XSS), to hack over 11,000 websites!
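XSS is worth seeing in code, because the fix is small and the failure is exactly the kind of defacement described above. The following is an added example for this article and is not taken from the case, from the affected sites or from cWatch Web: a minimal stand-in for a search handler that reflects the `q` parameter into the page, shown in its vulnerable form and hardened with output escaping plus a Content-Security-Policy header as a second line of defence. The site name, the payload and the crafted URL are all constructed. Note that with reflected XSS the site’s files are never modified; the “defacement” is rendered only for visitors who open the attacker’s link, which is why it scales to thousands of sites so cheaply.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit


def render_results_vulnerable(query):
    """Reflects the search term straight into the page: classic reflected XSS."""
    return f"<h1>Results for {query}</h1>"


def render_results_safe(query):
    """Escapes <, >, &, \" and ' so the term can only ever render as text."""
    return f"<h1>Results for {html.escape(query, quote=True)}</h1>"


def render_link_safe(url, text):
    """Escaping alone does not help in a URL context: 'javascript:' survives
    html.escape untouched, so the scheme is allow-listed first."""
    if urlsplit(url).scheme not in ("http", "https"):
        url = "#"
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(text)}</a>'


def handle_request(url, renderer):
    """Minimal stand-in for a web handler: pulls ?q= out of the URL and renders."""
    q = parse_qs(urlsplit(url).query).get("q", [""])[0]
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        # Second line of defence: inline scripts are blocked even where escaping is missed.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }
    return headers, renderer(q)


# Constructed defacement payload and the link an attacker would circulate.
PAYLOAD = "<script>document.body.innerHTML='<h1>hacked</h1>'</script>"
CRAFTED_URL = "https://shop.example.test/search?q=" + quote(PAYLOAD)


def page_contains_script(body):
    """True when a response would execute attacker-supplied script."""
    return "<script" in body.lower()


if __name__ == "__main__":
    for renderer in (render_results_vulnerable, render_results_safe):
        headers, body = handle_request(CRAFTED_URL, renderer)
        print(renderer.__name__, "->", body)
    print(render_link_safe("javascript:alert(1)", "profile"))
```

Escape at the point of output, in the right form for the context (HTML body, attribute, URL, JavaScript string), and keep the CSP header on even when you believe every output is escaped: the header is what limits the damage on the day a new template forgets.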

The FBI’s Assistant Director for the New York Field Office, William F. Sweeney Jr., said, “Website defacements can disrupt an organization’s operations and damage its credibility.”

The comptroller’s office ultimately paid more than $5,000 to fix the damage, while the US government paid more than $7,000 to fix West Point’s site.

Tampering with websites is probably the most common type of hacking, according to Levi Gundert, a former US Secret Service special agent with the Los Angeles Electronic Crimes Task Force.

Mr. Gundert reminds us of the potential for harm when cybercriminals gain unauthorized access to web servers, citing last year’s large-scale Equifax breach, which exposed the personal information of 145 million Americans.

He concludes by saying “Organizations generally underestimate the damage that can be done.”

Whether large or small, it’s clear all websites are at risk.

So how much damage can you afford?

cWatch Web can help you to never answer that question.

As the old adage goes, “an ounce of prevention is worth a pound of cure.”

cWatch Web offers you access to the best of both worlds.

With its 6-layer stacked security solution, cWatch provides protection against the OWASP Top 10 most critical web application security risks, including Cross-Site Scripting (XSS).

Don’t put your organization at risk by underestimating cybercriminals.

Start with a complimentary scan and immediately discover vulnerabilities that may be threatening your website.