
Arbor Networks ponders what triggered the DBE hack - and how attackers did it

20 Jul 17

The Department of Basic Education’s (DBE) website was recently hacked.

The incident raised questions and speculation about what could have triggered the hack and which group of hackers could be behind it.

Elijah Mhlanga, spokesperson for DBE, says, “It is a strange coincidence that the hacking of the department happened the same day as the Gauteng High Court ruling that schools were not allowed to favour one religion over the other.”

“The website had to be put offline while the state information and technology agency dealt with it,” he adds.

Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks, shares insights on the hacking incident.

“Systems that host websites are not 100 percent immune to attacks or being hacked,” he says.

“There are many avenues a persistent hacker can take to gain access to a webserver hosting a website, including exploiting a known vulnerability in the operating system (OS) or the web application (Apache, IIS), weak credentials (username or passwords) on the system, a backdoor planted in the past by means of malware (intentionally or unintentionally), or another network service, for example file transfer protocol (FTP) or telnet unintentionally running on the system that is vulnerable to exploitation.”

He explains that hackers can also use a technique called ‘pivoting’ to use websites to access portals within an organisation that contain vital information.

“A hacker can gain access to a range of other internal systems once they have managed to gain control over the public or internet-facing device.”

Environments that lack proper segmentation and have weak internal access controls can be exploited in this way.

“This ‘land and expand’ approach is a very common technique used by hackers,” he adds.

“For the department to ensure that a similar incident does not occur again, look at a range of best practice, processes, policy and technology (configured optimally) that can be harnessed to avoid these types of exploits, as well as the cascading repercussions that result from the initial exploit.”

Hamman concludes, “Organisations can prevent hacking from happening to them with the right security technology being the foundation of any new service.

“Securing their critical assets and infrastructure, and following a well-documented process. There should be policies in place that outline how new and existing systems are built and maintained, with security at its core.

“Following this, employees need to be adequately trained and empowered to react to security incidents proactively. Lastly, regular penetration testing and audits are key to an organisation’s security.”
