
Arbor Networks ponders what triggered the DBE hack - and how attackers did it

20 Jul 2017

The Department of Basic Education’s (DBE) website was recently hacked.

The incident raised questions and speculation about what could have triggered the hack and which group of hackers could be behind it.

Elijah Mhlanga, spokesperson for DBE, says, “It is a strange coincidence that the hacking of the department happened the same day as the Gauteng High Court ruling that schools were not allowed to favour one religion over the other.”

“The website had to be put offline while the state information and technology agency dealt with it,” he adds.

Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks, shares insights on the hacking incident.

“Systems that host websites are not 100 percent immune to attacks or being hacked,” he says.

“There are many avenues a persistent hacker can take to gain access to a webserver hosting a website, including exploiting a known vulnerability in the operating system (OS) or the web application (Apache, IIS), weak credentials (username or passwords) on the system, a backdoor planted in the past by means of malware (intentionally or unintentionally), or another network service, for example file transfer protocol (FTP) or telnet unintentionally running on the system that is vulnerable to exploitation.”

He explains that hackers can also use a technique called ‘pivoting’ to use websites to access portals within an organisation that contain vital information.

“A hacker can gain access to a range of other internal systems once they have managed to gain control over the public or internet-facing device.”

Environments that lack proper segmentation and weak internal access controls can be exploited in this way.

“This ‘land and expand’ approach is a very common technique used by hackers,” he adds.

“For the department to ensure that a similar incident does not occur again, look at a range of best practice, processes, policy and technology (configured optimally) that can be harnessed to avoid these types of exploits, as well as the cascading repercussions that result from the initial exploit.”

Hamman concludes, “Organisations can prevent hacking from happening to them with the right security technology being the foundation of any new service.

“Securing their critical assets and infrastructure, and following a well-documented process. There should be policies in place that outline how new and existing systems are built and maintained, with security at its core.

“Following this, employees need to be adequately trained and empowered to react to security incidents proactively. Lastly, regular penetration testing and audits are key to an organisation’s security.”
