Last month, the South African Presidency’s website was hacked, as confirmed by President Cyril Ramaphosa’s spokesperson.
Website exploits seem to be commonplace these days, and in this case, the website, which users normally use to access updates, was replaced by a black screen with an image claiming it had been hacked by Black Team X.
The message on the website also had a skeleton graphic and the phrase “Sahara is Moroccan and Morocco is ur Lord.”
The website was taken offline while technicians tried to trace the origin of the hack, but the most recent news said that a responsible party had not been identified yet. However, the website is now back online.
It may not be an easy task to track down the infiltrator, as many hackers use many unique IP addresses in attacks, and usually hide their tracks well with other exploits.
One common weakness that hackers seem to target is a website’s content management system, or CMS. Code exploits, including SQL injections and CSS exploits, have been common practice to bring a website to its knees. Ask anyone who has operated a CMS on a shared hosting server, and they can probably give you the war stories of spending hours searching through PHP and CSS files trying to track down and clean up a hack that was spread across an entire shared server.
According to one article, one CMS, WordPress, has been a target of several exploits, including brute force attacks. WordPress is said to be the platform that 20 percent of the internet’s websites use, so it’s an obvious target.
The South African Presidency’s website uses Drupal, which is also a very popular CMS. Back in April, hackers began attacking a critical vulnerability in Drupal that allows remote code execution. There are several security measures that could have been taken and will likely be taken now after this latest hack.
One such option is a Web Application Firewall, or WAF, which can be run on-premises or deployed on cloud services. A WAF differs from a regular firewall in that it inspects the content of web application traffic: it filters, monitors and can block that traffic, preventing attacks like SQL injections, cross-site scripting and other security risks identified by the Open Web Application Security Project (OWASP).
A WAF monitors and tracks incoming network traffic, recognizing legitimate traffic and blocking malicious traffic. A good-quality WAF is a safeguard against such attacks, but just like anything else, quality does matter.
Several cloud hosting solutions offer WAF services, but a quality product will monitor for and block the known attacks identified by OWASP and is multi-tiered, offering more than just one basic cookie-cutter service. And that may be the key to proper security.