SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Breach Prevention
#
Cybersecurity
#
Africa
Arbor Networks ponders what triggered the DBE hack - and how attackers did it
Thu, 20th Jul 2017
FYI, this story is more than a year old
By Vusi Melane, Ex editor/contributor
Follow us

The Department of Basic Education's (DBE) website was recently hacked.

This incident left questions and speculations, such as what could have triggered the hacking and which group of hackers could be behind it.

Elijah Mhlanga, spokesperson for DBE, says, “It is a strange coincidence that the hacking of the department happened the same day as the Gauteng High Court ruling that schools were not allowed to favour one religion over the other.

“The website had to be put offline while the state information and technology agency dealt with it,” he adds

Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks, shares insights on the hacking incident.

“Systems that host websites are not 100 percent immune to attacks or being hacked,” he says.

“There are many avenues a persistent hacker can take to gain access to a webserver hosting a website, including exploiting a known vulnerability in the operating system (OS) or the web application (apache, IIS), weak credentials (username or passwords) on the system, a backdoor planted in the past by means of malware (intentionally or unintentionally), or another network service, for example file transfer protocol (FTP) or telnet unintentionally running on the system that is vulnerable to exploitation.

He explains that hackers can also use a technique called ‘pivoting' to use websites to access portals within an organisation that contain vital information.

“A hacker can gain access to a range of other internal systems once they have managed to gain control over the public or internet-facing device.

Environments that lack proper segmentation and weak internal access controls can be exploited in this way.

This “land and expand” approach is a very common technique used by hackers,” he adds.

“For the department to ensure that a similar incident does not occur again, look at a range of best practice, processes, policy and technology (configured optimally) that can be harnessed to avoid these types of exploits, as well as the cascading repercussions that result from the initial exploit.

Hamman concludes, “Organisations can prevent hacking from happening to them with the right security technology being the foundation of any new service.

“Securing their critical assets and infrastructure, and follow a well documented process. There should be policies in place that outline how new and existing systems are built and maintained, with security at its core.

“Following this, employees need to be adequately trained and empowered to react to security incidents proactively. Lastly, regular penetration testing and audits is key to an organisation's security.

Related stories
KnowBe4 to acquire Egress for enhanced AI-driven cybersecurity
Gen AI optimism high in ANZ but cybersecurity concerns loom
NetApp 2024 report uncovers 'disrupt or die' era powered by AI
Mandiant unveils latest M-Trends 2024 cybersecurity report
Customers vs banks - Where should the buck stop in preventing finance scams?
Top stories
Telegram users targeted in cryptocurrency scam, Kaspersky reports
Yahoo ventures into CTV space with Yahoo Identity Solutions
ServiceSeeking joins ConnectID for enhanced online security for SMEs
BeyondTrust lauded as a leader in Identity Threat Detection
Cradlepoint launches rapid-deploy secure network solution NetCloud SASE