IT Group Assists E-commerce Provider With Website Security Vulnerability

A large web developer and e-commerce provider found themselves with an open vulnerability, caused by a mistake by one of their developers, which left them exposed to a potentially malicious exploit.

As security experts, IT Group Consultants were able to help the client understand why the event occurred, and to advise them on how to mitigate the situation and ensure that a similar event could not arise again.

More and more companies are finding themselves in similar predicaments. At IT Group, we have noticed a growing trend, particularly at large, solely internet-based enterprises. Many of these businesses are uncertain how to prevent the same or a similar event from happening again. In this situation, we were able to follow the evidence trail to find the root cause of the issue.

Situations such as this may not always be so easy to correct and can lead to a complex set of legal proceedings. In light of this, we have collated three pieces of advice, agreed between our in-house Digital Forensics and Cyber Security teams, for any company that believes a malicious attack has been conducted against its website or servers.

Quarantine

One of the most time-tested defences against a cyber-attack is to ‘pull the plug’. Although an effective method of interrupting a live intrusion, this does result in downtime of the business’ website – which can often cause significant damage to income. Furthermore, we often see businesses pull the power lead of the system. This can destroy valuable forensic evidence that can lead investigators to the source of the data intrusion.

A far better solution is to pull the Ethernet (Cat 5) cable and quarantine the machine from the network. It is also worth noting that it is often only a small portion of your website, such as a microsite, that becomes vulnerable. If this is the case, you should be able to isolate and remove that portion from your web server and quarantine the issue effectively.

Find out how the vulnerability was exploited

Many millions of systems scan your website each year, both malicious and benign (such as Google spidering the website for its search engine), and occasionally a select few malicious ones manage to find a hole to worm their way into your website. At this early stage, understanding exactly how the malicious user got into the system should not be your priority; this is best left to a Digital Forensics team.

Despite this, understanding how to prevent the same vulnerability anywhere else on your server should be a priority, to ensure all of your systems are protected and the malicious attacker's infiltration does not spread and compromise the server and/or other microsites on the same system. Investigating log files will reveal likely indicators, or a vulnerability scan conducted by a Cyber Security business, such as IT Group, can assist in finding known vulnerabilities.
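One way to pull those "likely indicators" out of web server logs, as an added example that is not part of the original article or any IT Group tool: it groups requests by source, sets aside self-declared crawlers (the page's Google example) and single visitors, and flags clients that walk a microsite guessing filenames, reporting which microsite they touched and which probe actually got a successful response. The log lines are constructed, and the thresholds (`min_requests`, `not_found_ratio`) are assumed starting points.

```python
import re
from collections import defaultdict

# Constructed "combined"-format access-log lines (not real traffic): a crawler
# indexing /shop/, a visitor, and a client guessing filenames under /promo/.
SAMPLE_LOG = """\
66.249.66.1 - - [10/Mar/2018:10:00:01 +0000] "GET /shop/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [10/Mar/2018:10:00:02 +0000] "GET /shop/products HTTP/1.1" 200 8210 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [10/Mar/2018:10:00:03 +0000] "GET /shop/old-page HTTP/1.1" 404 210 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.2 - - [10/Mar/2018:10:03:00 +0000] "GET /shop/cart HTTP/1.1" 200 3300 "https://example.com/shop/" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2018:10:05:10 +0000] "GET /promo/admin.php HTTP/1.1" 404 210 "-" "curl/7.58.0"
203.0.113.7 - - [10/Mar/2018:10:05:11 +0000] "GET /promo/config.bak HTTP/1.1" 404 210 "-" "curl/7.58.0"
203.0.113.7 - - [10/Mar/2018:10:05:12 +0000] "GET /promo/backup.zip HTTP/1.1" 404 210 "-" "curl/7.58.0"
203.0.113.7 - - [10/Mar/2018:10:05:13 +0000] "GET /promo/upload.php HTTP/1.1" 200 45 "-" "curl/7.58.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
                     r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# A User-Agent is client-supplied, so a crawler name only lowers priority here;
# an investigation would verify the source (e.g. reverse DNS) before trusting it.
KNOWN_CRAWLERS = ("Googlebot", "bingbot")

def parse(log_text):
    """Yield (ip, path, status, ua) per well-formed line; skip malformed ones."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ip"], m["path"], int(m["status"]), m["ua"]

def triage(log_text, min_requests=3, not_found_ratio=0.5):
    """{ip: summary} for clients that look like path guessing: mostly 404s, not a crawler."""
    per_ip = defaultdict(lambda: {"requests": 0, "not_found": 0, "paths": set(),
                                  "hits": [], "crawler": False})
    for ip, path, status, ua in parse(log_text):
        s = per_ip[ip]
        s["requests"] += 1
        s["paths"].add(path)
        if status == 404:
            s["not_found"] += 1
        elif status < 300:
            s["hits"].append(path)          # a probe that actually found something
        s["crawler"] |= any(c in ua for c in KNOWN_CRAWLERS)
    flagged = {}
    for ip, s in per_ip.items():
        if (not s["crawler"] and s["requests"] >= min_requests
                and s["not_found"] / s["requests"] >= not_found_ratio):
            # first path segment = the microsite to quarantine first
            s["microsites"] = {p.split("/")[1] for p in s["paths"] if p.count("/") > 1}
            flagged[ip] = s
    return flagged
```

On the constructed sample only 203.0.113.7 is flagged, with `microsites == {"promo"}` and `hits == ["/promo/upload.php"]`, which is where a forensic review would start; run it over a real access log by passing the file contents to `triage()`.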

Consult a professional company

Consulting a professional business in the field of Digital Forensics and/or Cyber Security is one of the key ways of resolving any situation that has arisen. Although many areas of these investigations can be conducted by a technical professional, without the expertise of a professional company, such as IT Group, you run the risk of overwriting key evidence that could lead to a successful conclusion of an investigation.

Furthermore, it should be noted that if a data breach has occurred on a system where personal data is held, a thorough investigation that produces results as quickly as possible can be the deciding factor when speaking to the Information Commissioner, as it provides solid facts rather than assumptions and guesses. With the upcoming General Data Protection Regulation (GDPR) deadline looming, a solid investigation can be the difference between having to prepare a breach notification with approximate numbers of accessed records and being confident that no data was accessed.