
When hackers hit

BY KRIS BEVILL

Just three little words are capable of striking fear and panic into any information technology professional’s heart: You’ve been hacked. Website security is of utmost importance in our increasingly connected world, and IT professionals dedicate countless hours to staying a step ahead of would-be attackers by diligently carrying out prevention efforts and constantly monitoring sites for unusual activity. But despite these efforts, security breaches continue to become more commonplace as hack attacks continue to evolve, leading some IT professionals to caution that security breaches are no longer a matter of “if”, but “when.”

That was exactly the situation Perham, Minn.-based telecommunications company Arvig Communications found itself in on the morning of May 19. At about 7 a.m., the company’s senior manager of IT, Shaun Carlson, received a call from one of the network center operation center monitors alerting him to the fact that a breach had been detected on Arvig’s website. “I was like, ‘Oh boy, we’ve been hacked,’” he recalls.

Carlson immediately contacted the company’s third-party website vendor to knock down the imposter page and began collaborating internally with Arvig’s IT staff to restore the company’s backup. Meanwhile, Lisa Greene, Arvig’s marketing and media manager, was brought into the loop and set about contacting company management, employees, customers and authorities.

Lessons Learned

It turned out that Arvig was lucky in a couple of ways: Most importantly, the breach was not a serious one. The group responsible, Cyb3r CommandOS, hadn’t accessed any customer data. The hack consisted of nothing more than the group putting a screen with a message in front of Arvig’s actual website, having gained access to the site through a vulnerability in the site’s content management system (CMS).

Also, because of the breach Arvig gained valuable insight into the importance of having a reaction plan for that type of situation, something which Greene says had been loosely developed prior to the hack attack but would now be a priority to complete. However basic it may have been, having a plan in place helped streamline the response, says Carlson. Arvig’s website was back up less than three hours after he was initially notified of the problem, and an extensive cleanup and restoration process was completed later that same day.

Reaction Tips

The steps taken by Arvig to recover from its cyber attack are similar to those recommended by IT professionals throughout the region, who agree that security breaches are becoming more common. David Loegering, technical services manager for Corporate Technologies’ Fargo office, says that while small- to mid-sized businesses are not often the target of seriously damaging cyber attacks, hacks do still happen, usually by people he calls “hacker wannabes” who do it for bragging rights. “If you’re a small business and you have a few hundred customers, you’re not going to attract the attention of a large hacker. There’s just no return in doing it,” he says.

Once they had recovered from Arvig’s breach, Carlson and his IT team researched its attackers and found that notoriety was indeed the motivator for that group. “The ultimate answer was: Because they could,” he says, noting that the same group also successfully hacked into a city website in Pennsylvania the day after the Arvig breach.

If you discover your website has been hacked, communication is priority No. 1, according to Loegering and others. This includes alerting customers as soon as possible via email, social media or another method that is deemed safe and appropriate for the situation. Arvig’s reaction plan places most of that responsibility on the marketing manager. “I’m at the center, making sure that everyone knows what’s going on,” Greene says. “I make sure the top management knows what’s going on, make sure the people who can affect change know what’s going on, and then figure out externally what we need to communicate.”

Because of Arvig’s role as a communications company with access to important infrastructure, the company contacted Homeland Security to report the breach as part of its communication strategy, but Greene says that is not always a necessary step. “In other cases, it may just be a customer message, and how to get that out in the quickest way possible.”

Carlson adds that honesty is the best policy when informing customers and the public that a breach has occurred. “Just be up front about it,” he says. “Tell everybody what happened, what you learned from it, and share knowledge.”

While communications plans are being carried out, the proper IT professionals should be working on knocking down the attack and replacing the affected site with a recent backup. A growing number of companies are contracting with third-party vendors to create and host their websites for ease of management, and the contracted party should be able to combat the problem quickly and efficiently. Loegering says that if a hosting company is doing an effective job, it should have frequent backups that can be called upon when needed and firewalls that can identify how the hack occurred.

Carlson says Arvig had hired a third-party vendor to host its website just weeks before the attack. He declined to name the company, but said Arvig chose that vendor because it specializes in hosting and maintaining CMS. Ironically, the attackers accessed Arvig’s website through a vulnerability in WordPress, which is the CMS used by the company. Carlson notes that WordPress is one of the most widely used CMSs in the world, so vulnerabilities and their patches are regularly identified, but in this case it was a vulnerability that was so new the patch had not yet been applied. Still, he stresses that Arvig’s experience demonstrates the need for vigilance in being aware of CMS vulnerabilities and patching them in a timely fashion.

Aaron Mentele, a partner at Sioux Falls, S.D.-based Electric Pulp, says that while every website and hack attack is different, a compromised CMS is often to blame for a successful attack. And while he admits it’s impossible to prevent all attacks, he suggests that careful selection of website developers and hosting companies that stay up to date on prevention techniques are the best line of defense. “Obviously prevention is the better route - everything from firewalls and monitoring to keeping all of the core software up to date,” he says. “Certainly we try to catch it before it happens.”

Kris Bevill Editor, Prairie Business 701-306-8561, kbevill@prairiebizmag.com
