March 2018 Security Newsletter
Let's be upfront: it's 2018, and if you've been paying even partial attention to the news, you know that the running technology story is [Company] Data [Breach/Leak], day after day. According to self-reported figures, companies in the US unintentionally leaked 2 billion consumer records (a 2 followed by nine zeros), and that number is known to be under-reported: many companies exposed to these attacks either are not aware that data was taken from them or cannot confirm it. 43% of malicious attacks are conducted against small businesses. Botnets continue to be a growing problem, with some rented for as little as $20 for a 200+ Gbps DDoS attack. For context, an attack of half that size took the Rochelle, Illinois Municipal Tech Center completely offline for a few hours last July, affecting our server and many municipal service websites. Even the Olympics are being targeted by malware and DDoS attacks. More than anything, 2018 has so far been the year of bad tech news.
So, what is Armor Techs doing about it?
- As many of our clients are aware, early last year we discontinued clear-text logins on all of our services and now require encrypted connections negotiated with strong cipher suites only.
- We have adopted a policy of full encryption for all of our clients: every hosting on our server receives free, automatically managed SSL/TLS certificates for its website, so visitor traffic to client sites is encrypted in transit.
- We've developed a Hub and Spoke AES-256 encryption solution that we are beginning to offer our clients. It ensures that even if sensitive data were to leave the server, it is unreadable to whoever took it without the keys.
- Arrow's Chain-Mail website protection system continues to evolve, with intrusion detection and per-action control of user activities.
- Finally, we are actively campaigning our clients and members of our community to abandon older, insecure frameworks in favour of platforms that are kept current and patched, which makes for a safer Internet for everyone.
Server News and Notices:
We've seen an uptick in compromised OpenCart e-commerce installations.
Until recently we recommended OpenCart as the best free, open-source e-commerce solution, but in recent months a number of long-standing security vulnerabilities have begun to limit the situations in which OpenCart can be run safely.
In January we observed web shells dropped into hosting accounts through log poisoning: the attacker deliberately triggers SQL errors with input that contains PHP web shell source, the error message echoes that input, and because OpenCart will write its error log under a configured filename with any extension, the log itself becomes an executable .php file that the attacker then requests through the web server. We have patched all OpenCart installations on our server to prevent this particular exploit (keeping the error log outside the web root, or denying script execution in the log directory, closes this path regardless of version), but these installations, especially the older 1.x.x versions, remain vulnerable to other XSS and database exploits.
At this point, our official stance is that if you do not have a 3.x.x copy of OpenCart, it is in your best interest to make a plan of action to upgrade or migrate to another framework. We expect these attacks only to increase.
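The following Python sketch is an added illustration of the log-poisoning path described above; it is not OpenCart's code and not the server-side patch we applied. It assumes an application that writes error messages verbatim under a configured filename (`configured_name`), that the attacker's input is echoed inside the error message, and that the log directory is served by a PHP-enabled web server. The attacker payload and the temporary log directory are constructed for the example. The weak writer sits beside a hardened one, and `find_poisoned_logs()` is the check to run over an existing account.

```python
"""Log poisoning: weak writer, hardened writer, and an after-the-fact scan.
Illustrative code, not OpenCart's own; names and payload are assumptions."""
import os
import re
import tempfile

# Constructed attacker input: provokes a SQL error whose message echoes
# the input, so the web shell source ends up in the log file.
ATTACKER_PAYLOAD = "' AND 1=<?php system($_GET['cmd']); ?>"

# Extensions a PHP-enabled server would execute; .phtml/.phar are often
# mapped to the PHP handler as well.
EXECUTABLE_EXT = (".php", ".phtml", ".phar", ".php5", ".php7")
PHP_OPEN_TAG = re.compile(r"<\?(?:php|=)?", re.IGNORECASE)


def unsafe_write_error(log_dir, configured_name, message):
    """The weak behaviour: any configured name, message written verbatim."""
    path = os.path.join(log_dir, configured_name)
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(message + "\n")
    return path


def safe_log_name(configured_name):
    """Reduce a configured name to one safe token plus '.log'.

    Everything after the first dot is dropped because Apache's AddHandler
    can execute 'shell.php.log' as PHP; directory parts are dropped so the
    log cannot be relocated into the web root; an empty stem (e.g. the
    name '.htaccess') falls back to 'error'.
    """
    base = os.path.basename(configured_name.replace("\\", "/"))
    stem = re.sub(r"[^A-Za-z0-9_-]", "_", base.split(".", 1)[0])
    return (stem or "error") + ".log"


def safe_write_error(log_dir, configured_name, message):
    """Hardened writer: safe name, and PHP open tags neutralised so even a
    misconfigured handler has nothing to execute."""
    path = os.path.join(log_dir, safe_log_name(configured_name))
    neutral = PHP_OPEN_TAG.sub(lambda m: "&lt;?" + m.group(0)[2:], message)
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(neutral + "\n")
    return path


def find_poisoned_logs(log_dir):
    """Scan a log directory for what the attack leaves behind: files with an
    executable extension, or log files containing a PHP open tag."""
    hits = []
    for name in sorted(os.listdir(log_dir)):
        path = os.path.join(log_dir, name)
        if not os.path.isfile(path):
            continue
        if name.lower().endswith(EXECUTABLE_EXT):
            hits.append((name, "executable extension in log directory"))
            continue
        with open(path, encoding="utf-8", errors="ignore") as fh:
            if PHP_OPEN_TAG.search(fh.read()):
                hits.append((name, "PHP open tag inside log"))
    return hits


def demo():
    """Run both writers against the same error, then scan the directory."""
    log_dir = tempfile.mkdtemp(prefix="oc-logs-")
    error = "SQL syntax error near %s" % ATTACKER_PAYLOAD
    unsafe_write_error(log_dir, "shell.php", error)  # attacker-chosen name
    safe_write_error(log_dir, "shell.php", error)    # lands in shell.log
    with open(os.path.join(log_dir, "shell.log"), encoding="utf-8") as fh:
        safe_contents = fh.read()
    return {"poisoned": find_poisoned_logs(log_dir),
            "safe_contents": safe_contents}


if __name__ == "__main__":
    for name, why in demo()["poisoned"]:
        print("%s: %s" % (name, why))
```

Point `find_poisoned_logs()` at a hosting account's log directory to look for the residue of a past attempt. The name and tag sanitising are defence in depth only; the control that actually matters is that nothing under the log directory is ever handed to the PHP interpreter.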
WordPress continues to be the primary target of the majority of exploit attempts.
Since expanding our security monitoring systems last month, we see that the wp-admin folder is among the top ten most requested resources for every hosting on the server, whether or not the site runs WordPress. These requests are usually automated scouts looking for vulnerable installations to compromise, so on their own they are not concerning; what follows a successful scout is a run of login attempts against wp-login.php or an exploit against an outdated plugin, theme or core version. Since they are happening, it is in your best interest to ensure that, if you have a WordPress site, it is up to date and its administrator accounts use strong, unique passwords. In addition, we highly recommend that all of our hosting customers install the Wordfence security plugin if you are not already running it. Wordfence has long been a staple of our own WordPress deployments, and it is the leading software firewall for the platform.
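To show what the monitoring described above actually separates, here is an added Python example, not Armor Techs' monitoring code, that triages wp-admin and wp-login.php requests from combined-format access-log lines. The log lines, addresses and the login-attempt threshold are constructed assumptions for the example; legitimate editors use wp-admin too, so the point is to tell scouts and password guessing apart from normal administration rather than to alert on the path alone.

```python
"""Triage wp-admin / wp-login.php traffic in an Apache or Nginx combined
access log. Added example; thresholds and sample lines are assumptions.

Per client IP the verdict is one of:
  "scout"       only probes WordPress admin paths and gets nothing but 4xx
  "brute-force" repeated POSTs to wp-login.php
  "normal"      everything else (legitimate editors use wp-admin too)
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?'
)
ADMIN_PATHS = ("/wp-login.php", "/wp-admin", "/xmlrpc.php")
LOGIN_POST_THRESHOLD = 5  # assumption: tune to the size of your log window

# Constructed sample (RFC 5737 documentation addresses). WordPress answers a
# failed login with 200 (the form again) and a successful one with 302.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2018:02:14:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2741 "-" "python-requests/2.18.4"
203.0.113.5 - - [10/Mar/2018:02:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2741 "-" "python-requests/2.18.4"
203.0.113.5 - - [10/Mar/2018:02:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2741 "-" "python-requests/2.18.4"
203.0.113.5 - - [10/Mar/2018:02:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2741 "-" "python-requests/2.18.4"
203.0.113.5 - - [10/Mar/2018:02:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2741 "-" "python-requests/2.18.4"
203.0.113.5 - - [10/Mar/2018:02:14:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2741 "-" "python-requests/2.18.4"
192.0.2.9 - - [10/Mar/2018:03:40:11 +0000] "GET /wp-admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 (compatible; scanner)"
192.0.2.9 - - [10/Mar/2018:03:40:11 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "Mozilla/5.0 (compatible; scanner)"
192.0.2.9 - - [10/Mar/2018:03:40:12 +0000] "GET /xmlrpc.php HTTP/1.1" 404 196 "-" "Mozilla/5.0 (compatible; scanner)"
198.51.100.7 - - [10/Mar/2018:09:02:30 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/58.0"
198.51.100.7 - - [10/Mar/2018:09:02:45 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://example.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0) Firefox/58.0"
198.51.100.7 - - [10/Mar/2018:09:02:46 +0000] "GET /wp-admin/ HTTP/1.1" 200 48211 "https://example.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0) Firefox/58.0"
198.51.100.7 - - [10/Mar/2018:09:05:10 +0000] "GET /?p=12 HTTP/1.1" 200 9012 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/58.0"
"""


def parse(lines):
    """Yield parsed records; lines that do not match the format are skipped."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def is_admin_path(path):
    """True for the admin entry points scanners probe, query string ignored."""
    path = path.split("?", 1)[0]
    return any(path == p or path.startswith(p + "/") for p in ADMIN_PATHS)


def analyse(log_text):
    """Return per-IP counters plus a verdict."""
    stats = defaultdict(lambda: {"total": 0, "admin": 0, "admin_ok": 0,
                                 "login_posts": 0, "agents": set()})
    for rec in parse(log_text.splitlines()):
        s = stats[rec["ip"]]
        s["total"] += 1
        if rec["ua"]:
            s["agents"].add(rec["ua"])
        if not is_admin_path(rec["path"]):
            continue
        s["admin"] += 1
        if rec["status"][0] in "23":
            s["admin_ok"] += 1
        if rec["method"] == "POST" and rec["path"].split("?", 1)[0] == "/wp-login.php":
            s["login_posts"] += 1
    report = {}
    for ip, s in stats.items():
        if s["login_posts"] >= LOGIN_POST_THRESHOLD:
            verdict = "brute-force"
        elif s["admin"] == s["total"] and s["admin_ok"] == 0:
            verdict = "scout"
        else:
            verdict = "normal"
        report[ip] = dict(s, agents=sorted(s["agents"]), verdict=verdict)
    return report


def flagged(report):
    """IPs worth feeding to a firewall deny list or a Wordfence block rule."""
    return sorted(ip for ip, s in report.items() if s["verdict"] != "normal")


if __name__ == "__main__":
    rep = analyse(SAMPLE_LOG)
    for ip in sorted(rep):
        s = rep[ip]
        print("%-14s %-11s admin=%d/%d login_posts=%d"
              % (ip, s["verdict"], s["admin"], s["total"], s["login_posts"]))
```

For a real account, pass the contents of the access log to `analyse()` and narrow the window (one hour, say) before applying the threshold; a scout that hits a site with no WordPress installed only ever produces 404s and is harmless, while the same addresses returning to POST against wp-login.php are the ones worth blocking.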
A Final Note.
All of our clients should be aware that we pride ourselves on running a managed and secured server. We understand that compromises happen from time to time; they are an unfortunate reality of the current state of Internet and network security. However, because we do keep a watchful eye on the server, we are sometimes forced to disable hostings that have been compromised to the point of threatening the rest of the server. We typically contact the owners as soon as this happens, and while we do disable public access to the files, we do not delete anything unless you have contracted us to clean or otherwise manage your hosting for you.
Please be aware that a consequence of not maintaining your website is that we may have to take it down, and you will be responsible for demonstrating that putting it back online will not pose a threat to the rest of our clients. Failure to do so may result in a full termination of your hosting.
On the Horizon:
Our desktop platform, Blacksmith, is set to be deployed in its first application as a secure file-backup solution next month. Blacksmith is designed as a low-overhead, modular application framework for automating a number of security-related tasks for our customers. This initial functionality offers a secure, automated and encrypted method for backing up files to a remote location, either to create a recovery point or to keep files synced between several locations. In addition, we have hardware monitoring in development, which will allow our technicians to monitor your devices remotely and, in some cases, diagnose issues without ever seeing the device.
We also continue to make advances in our Network Operations Control Suite; our new security checkup service is a by-product of this development. Using the data our existing systems gather about intrusion attempts, we plan to develop auto-update solutions for clients running Arrow behind their websites, so that as new exploits are found and patched, all Arrow users benefit immediately. We are also developing more sophisticated intrusion monitoring and reporting systems, and hope to make those available to our clients in the fourth quarter of this year.
We are already hard at work on Arrow 7, which, in addition to a redeveloped UI, will offer more data about how people interact with your website and when those interactions veer into malicious activity. We are currently implementing heatmap visualizations over our existing statistics so that our designers can build a UI that makes the most-used features as easy as possible for our clients to reach, and we plan to extend the same visualization to our front-end statistics and to content pages in the future. Our granular website protection system, Chain-Mail, is also queued for some major intrusion-protection updates. For obvious reasons we can't share specifics publicly, but when the new system is deployed our clients will benefit immediately.
Rest assured that we are continuing to build and expand our systems so that you can provide a safe and stable online experience for your visitors. We strongly believe that consumer trust is at least as vital as a solid marketing campaign, and we are closely monitoring ongoing malicious trends such as cryptojacking and cloud-hosted botnets so that we can give you the tools to keep growing your online presence in 2018 and beyond.