SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Arbor Networks ponders what triggered the DBE hack - and how attackers did it
Thu, 20th Jul 2017
FYI, this story is more than a year old

The Department of Basic Education's (DBE) website was recently hacked.

This incident left questions and speculations, such as what could have triggered the hacking and which group of hackers could be behind it.

Elijah Mhlanga, spokesperson for DBE, says, “It is a strange coincidence that the hacking of the department happened the same day as the Gauteng High Court ruling that schools were not allowed to favour one religion over the other.

“The website had to be put offline while the state information and technology agency dealt with it,” he adds

Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks, shares insights on the hacking incident.

“Systems that host websites are not 100 percent immune to attacks or being hacked,” he says.

“There are many avenues a persistent hacker can take to gain access to a webserver hosting a website, including exploiting a known vulnerability in the operating system (OS) or the web application (apache, IIS), weak credentials (username or passwords) on the system, a backdoor planted in the past by means of malware (intentionally or unintentionally), or another network service, for example file transfer protocol (FTP) or telnet unintentionally running on the system that is vulnerable to exploitation.

He explains that hackers can also use a technique called ‘pivoting' to use websites to access portals within an organisation that contain vital information.

“A hacker can gain access to a range of other internal systems once they have managed to gain control over the public or internet-facing device.

Environments that lack proper segmentation and weak internal access controls can be exploited in this way.

This “land and expand” approach is a very common technique used by hackers,” he adds.

“For the department to ensure that a similar incident does not occur again, look at a range of best practice, processes, policy and technology (configured optimally) that can be harnessed to avoid these types of exploits, as well as the cascading repercussions that result from the initial exploit.

Hamman concludes, “Organisations can prevent hacking from happening to them with the right security technology being the foundation of any new service.

“Securing their critical assets and infrastructure, and follow a well documented process. There should be policies in place that outline how new and existing systems are built and maintained, with security at its core.

“Following this, employees need to be adequately trained and empowered to react to security incidents proactively. Lastly, regular penetration testing and audits is key to an organisation's security.