23 Oct, 2017

Phishing for a Gold Medal

Learn how a phishing attack compromised the website of Olympic gold medalist Janet Evans, and how Quttera can help you protect your site from similar threats.
This is not just another phishing attack blog. This is about your business’ well-being should your website be compromised. This about hosting providers who may inadvertently allow multiple client’s websites to be compromised simultaneously, thereby putting their own business at risk. This is about protecting reputations and maintaining accessibility to your website or to the websites that you host.

Janet Evans is an American swimmer who won four Olympic gold medals and one silver medal. Janet broke seven world records and is one of the greatest swimmers of all time. Unfortunately no matter how fast you can swim, a phish can still catch you. Recently a phishing attack I was investigating led me to Janet’s website. Do you see any problems with this web page?
Do not worry if you did not see anything “phishy,” nobody else did either. This isn’t the page that put Janet’s website at risk. The page below was the malicious web page that neither Janet nor her hosting provider knew was there.
The path in the red box shows where the problem resides. The “/wp-admin/” is where the site administrator’s login screen is at. If someone can gain access and log into http://www.somewhere.com/wp-admin/ then they can change anything on www.somewhere.com and nobody but attack victims will ever see it. By the time you find the problem your site may have a new backdoor and removing the malicious content may not solve your problem. You do not have to be famous either.

In this attack the hidden directory “wp-admin/.dl/” contains the folder /enbofa-auth/. This is where the phishing kit is located, and where victims of the phishing email are directed to. The pictures below show two of the phishing pages that reside there. Notice that janetevans.com is being indicated as dangerous by the browser.
As bad as this may seem, it could have been worse. Frequently when websites are compromised unsuspecting visitors may be the victims of exploits and malicious downloads such as the one shown below that I encountered a short time ago.
I have seen these malicious attack hosted on websites as small as a small real estate company to as large as Equifax. Equifax can afford the 3% drop in stock price the discovery of this malicious link led to, but the impact of a malicious link or malware on a small to medium size business’ website can be devastating. Nobody is immune to today’s phisher men.
The full-extent to which your business can be harmed, such as in decreased web search rankings, is beyond the scope of this blog, but Stratford University has an eye-opening article titled "How a Hacked Website Can Impact Your Business"
So, what can you do right away?
Before you read on, do a quick scan of your website with the Free Online Website Malware Scanner to see if your site is already infected, and then please come back for the rest of the blog, or if you require assistance that might be good to get first.

Make sure you have good contact information that is easy to find on your website. As a security professional I was greatly impressed by the way Janet’s team handled this event. It only took a moment to get contact information so I could report the phish to her team. The response was swift and in a very short amount of time Janet’s team had the site taken offline for a few minutes to protect people while they cleaned things up. In a jiffy her website was up and running and I found a link to her TEDx talk! Janet’s made it easy for me to help.

Make sure your website software is patched and that all of your security software is up-to-date. Anti-malware protection is of course essential, but running websites requires additional security tools for protection as well. Keeping up with the latest security patches is just as important.

Make sure you have a great password. Many successful attack start with brute force password guessing. Weak passwords allow these attacks to succeed with little effort required by the attacker. Believe it or not 1Fw3^*(drf!3 is not a great password. In another blog I will teach you what a great password is and how to make one that is easy to remember.

Finally, sometimes something will get past you. If your site is ever blacklisted let Quttera help you get off the blacklists quickly. It’s what we do.
Is your website flagged for malware, blocked by the search engines or disabled by the host?
We are always quick to respond to protect our customers from ransomware and other cyber threats. Our experts are here to clean up any malware from your sites and remove false-positives, blacklisting and different kinds of alerts by any security vendor and search engines. Just select appropriate ThreatSign! Anti-Malware plan and get back online.

For other issues and help: Quttera’s help-desk