The Week In Hacker News
In todays post we go through how not only are small independent require website malware removal, but also the big enterprise websites such as NATO have been affected by cyber crime. WordPress is a powerful and free CMS that with the good always comes the bad side. However, not all is bad. It’s important to have a webmaster that you can trust to maintain your website and make sure it’s up to date with the latest updates, backups and preventatives to stop cyber crime!
NATO website hacked
According to the Daily Mail several NATO websites have been hacked what seems to be related to the growing tension over Crimea. The cyber criminal activity has affected multiple Nato websites and some reports are claiming that the Estonia Cyber Defence Center of Excellence has also been compromised. The attacks resulted in the website being taken offline for nearly 24 hours. It was reported that the NATO homepage didn’t load however, the next day all returned to normal. A group that goes by the name of ‘cyber berkut’ has owned up to the attacks.
If the NATO website can be hacked, it is a large warning to all websites the importance of website security and how vulnerable websites sites are.
12,000 Phishing sites hosted on WordPress installs
CSO Online have reported this week that 12,000 WordPress websites are hosting Phishing scams. The campaigns have targeted Paypal and Apple customers. As a result a large amount of sites have been related to Malware attacks too. Like most web based open source platforms WordPress requires ongoing level of web management which most daily bloggers lack. In the latest WordPress updates there has been a release for automatic updates. However, this isn’t the best solution. Although the site might automatically upgrade which in theory sounds great, it’s important that there is an understanding of what gets updated. Most of the time WordPress release “under the hood” updates which can often conflict with the Theme, Plugin and most importantly the server settings, which if you are on a shared environment might take your website down.
It’s critical that all websites are maintained and if using an open source system like WordPress the latest version is updated and files and databases are locked down.
WordPress Top of the List for Phishing and Malware
Larry Seltzer is an expert on Technology and Security and has written an article for ZDNET that warning of the Malware and Phishing issues that comes with WordPress. It was reported in Netcraft, an internet security research and services company, that the WordPress blogging software are a major contributor to malware distribution and phishing attacks. In the article they claim that over 7% of all Phishing attacks that are blocked by Netcraft during the month were WordPress domains. They also claimed that 8% of malware blocked by Netcraft during the month were delivering malware to the rest of the web. These make up large numbers considering that WordPress sites are installed on close to 30% of the websites around the world.
Although WordPress is a free online application the administration of these sites are accountable for making sure that WordPress, Plugins, Themes and all it’s components are updated. Unfortunately, many don’t keep these updated to the latest versions. As a results this has a direct correlation between those sites that are more frequently targeted with malware vulnerabilities.
Never before has it been so important to keep your WordPress up to date. The reason us webmasters push for this is because Malware, Phishing and Cyber Crime is an ongoing war. Similar to how Windows gets viruses now cyber criminals have turned their attention to the web. Although you might trust yourself for writing clean code and sticking to the book for web development best practices these hackers will always find a way into the system if it isn’t 100% securely protected. Unfortunately there is not one answer for keeping a website secure however, it’s an ongoing maintenance that will prevent a site from being attacked.
It’s important to have that level of security and level of contingency knowing that your website is backed up, has been updated and has followed the right steps to lock down your website.