SMB Websites Face Mass Meshing Attacks

Published: 22/11/2024   Category: security




Here's how to protect your SMB website--and what to do if it's been compromised.



Big business and government hacks might get the front-page headlines, but a giant like Citi has the cash to weather a security storm. Not so for small and midsize businesses, especially those that depend on their websites for most of their revenue--a major breach could wipe out the bottom line.
Which makes recent findings by security firm Armorize more alarming. Wayne Huang, the company's chief technology officer, and his team recently started tracking the latest virulent strain of website infections, which they're calling mass meshing attacks. SMBs are especially vulnerable.
"It's predominantly SMB websites," Huang said in an interview. "Websites that have decent traffic, but they aren't the Alexa top 500-type of sites like eBay or Amazon."
Huang describes the mass meshing method as an evolution of the longer-standing mass SQL injection. Whereas the latter was a brute-force, hit-or-miss attack, the newer method is much more exact--and potentially much more rewarding for the bad guys. When it's successful, it gives the fraudster much more control because they gain access to the site's administrative credentials and all of its files; Huang called it "fingerprint-level precision."
"Because they can do it at such a precise level, when they attack they don't just inject a single malicious script like in mass SQL injections," Huang said. "They inject a backdoor, which allows them total control of all the files on the website."
Huang added that hackers have gotten better at hiding those backdoors, too, making them harder to find. Similarly, mass meshing creates a bigger headache for security vendors charged with protecting end users from malware. Huang notes that in the past, thousands of mass SQL injections might have all pointed to the same handful of static, malicious domains--easy enough to blacklist. In the case of mass meshing, the infected sites themselves serve as the malicious domains--meaning there might be 20,000 or 30,000 URLs that need to be dealt with. And unlike with actual malicious domains that were never intended for genuine use, it's no longer an add-and-forget blacklist paradigm.
"These are not malicious URLs," Huang said. "These are legitimate websites with loyal customers." The Armorize team has published a detailed breakdown of the threat on their blog.
Such an attack, while not likely to generate the buzz of a breach at the CIA or other high-profile targets, could cripple a smaller business that relies on its website for sales. For starters, an infected site is likely to be blacklisted by Google--a potential deathblow for online businesses--as well as by security vendors, not to mention any software or services that use Google's Safe Browsing API. Even in a less doomsday scenario, a mass meshing infection is likely to damage a business's reputation, particularly if its customers are notified by their browser or antivirus software that its website poses a threat.
"When the website is infected, all of the traffic that [the SMB] has been building up over the years suddenly drops to a very low level," Huang said. "All of a sudden their revenue drops to nearly zero."
The bad news: Huang and his team estimate that there are as many as 30,000 websites already infected by mass meshing attacks. The good news: There are plenty of steps SMBs can take to safeguard their sites without busting their budgets. Huang offers the following advice for keeping your company's website secure against mass meshing attacks:
-- Only use https and sftp protocols to manage and make updates to your site. Using unsecure FTP, in particular, is an open invitation to scammers to sniff out your admin credentials; the default protocol isn't encrypted. "If you do this, you make it much harder [for hackers] even if your PC is infected," Huang said.
-- Do your homework on Web hosting providers, and choose a good one. Hackers love to target shared hosting vendors, because when they find a vulnerability it often leads to a bumper crop of sites they can hit. "Choose your Web hosting provider wisely," Huang said. "Some hosting companies are well-known to have vulnerabilities in their shared hosting environments." He added that there are good online forums where SMBs discuss their experiences with various hosting providers.
-- Run current antivirus software on all of your PCs, and especially those used to manage the website. Huang said that reliable, free options such as Microsoft Security Essentials mean even the leanest SMBs have no excuse to not deploy antivirus software.
-- Stay on top of critical software patches. Huang lists Microsoft, Adobe, and browsers as the top three priorities and says SMBs shouldn't delay downloading and applying fixes, especially when mega-updates such as Tuesday's Microsoft release come out.
-- Likewise, if you use turnkey, third-party website components such as shopping carts or content management systems, always keep them updated with the most current version--especially if they're open source. For example, Huang said: "As soon as WordPress releases a new version, the whole hacking community knows about the vulnerabilities of the previous version and they're ready to attack."
-- Scan your site's custom code for vulnerabilities. There are commercial systems available, but budget-conscious SMBs can do this without spending money. Huang points to NetSparker's community edition, for instance, and said that next month Armorize will release its own whitebox version of CodeSecure that will scan up to 10,000 lines of source code free of charge. He also notes a variety of online sources for extra guidance, such as The Open Web Application Security Project.
SMBs looking for extra help in spotting mass meshing threats should look to their existing website vendors; they might be able to leverage monitoring services as part of an existing agreement. Huang said SSL-certificate providers such as Symantec's VeriSign often include such services.
If your site has suffered from a mass meshing attack, act quickly. Here's what Huang advises:
-- The first response for many SMBs--particularly those with limited internal IT staff--should be to call their Web hosting provider. The good ones, Huang said, will often be able to help and may have already identified a fix, particularly if they have other affected customers.
-- Change your site's admin password, but don't do so immediately: First, run an antivirus scan on the PC. If it's infected, the attacker will have access to the new password, too.
-- Scan your systems--including files, databases, and config files--for backdoors. Huang concedes that this might exceed the comfort zone of some SMB owners and staff; in that case, it may be time to bring in an outside vendor.
-- Finally, when the site is clean and secure, begin the crucial process of restoring its traffic and reputation. Google's Webmaster tools allow for blacklisted sites to request re-evaluation, for starters.
If all of this sounds like grunt work, it is. And it's absolutely necessary. Otherwise, SMBs are advertising their site to the wrong audience: Hackers. The bad guys profit when smaller businesses are too busy or careless to attend to online security. But SMBs should have a profit motive here, too. In a follow-up email, Huang wrote: "When attacks take your competitors down, your value will show."