SMBs Face Growing threat from Mass Meshing Attacks

Friday, June 17, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Security firm Armorize has been tracking recent trends in website infection attacks, and their findings indicate that while big companies have been making headlines for having their public-facing websites breached, it is really small to medium sized businesses (SMBs) that are at greatest risk.

The researchers branded the latest wave of website infections methods as "mass meshing attacks", and the the outcome of a successful attack could threaten the viability of many SMBs whose primary mode of conducting business is through their Internet presence.

"It's predominantly SMB websites. Websites that have decent traffic, but they aren't the Alexa top 500-type of sites like eBay or Amazon. When the website is infected, all of the traffic that [the SMB] has been building up over the years suddenly drops to a very low level. All of a sudden their revenue drops to nearly zero," said Armorize's chief technology officer Wayne Huang.

The mass meshing technique is an evolution of the SQL injection attack. Where previous attempts at mass SQL injections were more of a brute-force, hit or miss operation, mass meshing is more insidious because the attacker has a greater chance of elevating privileges and gaining administrative control over a website.

"Because they can do it at such a precise level, when they attack they don't just inject a single malicious script like in mass SQL injections. They inject a backdoor, which allows them total control of all the files on the website," Huang said.

If your businesses website is infected, Huang recommends the following actions be take immediately:

  • The first response for many SMBs--particularly those with limited internal IT staff--should be to call their Web hosting provider. The good ones, Huang said, will often be able to help and may have already identified a fix, particularly if they have other affected customers.
  • Change your site's admin password, but don't do so immediately: First, run an antivirus scan on the PC. If it's infected, the attacker will have access to the new password, too.
  • Scan your systems--including files, databases, and config files--for backdoors. Huang concedes that this might exceed the comfort zone of some SMB owners and staff; in that case, it may be time to bring in an outside vendor.
  • Finally, when the site is clean and secure, begin the crucial process of restoring its traffic and reputation. Google's Webmaster tools allow for blacklisted sites to request re-evaluation, for starters. 

For a detailed breakdown of the mass meshing threat, refer to Armorize's explanation HERE.

Source:  http://www.informationweek.com/news/smb/security/230800074?pgno=2

Possibly Related Articles:
9697
Enterprise Security
SQl Injection Web Application Security Small Business Headlines hackers SMB Website Security Mass Meshing Attacks
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.