Arbor Networks ponders what triggered the DBE hack - and how attackers did it

20 Jul 2017

The Department of Basic Education’s (DBE) website was recently hacked.

The incident raised questions and speculation about what could have triggered the hack and which group of hackers could be behind it.

Elijah Mhlanga, spokesperson for DBE, says, “It is a strange coincidence that the hacking of the department happened the same day as the Gauteng High Court ruling that schools were not allowed to favour one religion over the other.”

“The website had to be put offline while the state information and technology agency dealt with it,” he adds.

Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks, shares insights on the hacking incident.

“Systems that host websites are not 100 percent immune to attacks or being hacked,” he says.

“There are many avenues a persistent hacker can take to gain access to a webserver hosting a website, including exploiting a known vulnerability in the operating system (OS) or the web application (Apache, IIS), weak credentials (username or passwords) on the system, a backdoor planted in the past by means of malware (intentionally or unintentionally), or another network service, for example file transfer protocol (FTP) or telnet unintentionally running on the system that is vulnerable to exploitation.”

He explains that hackers can also use a technique called ‘pivoting’ to use websites to access portals within an organisation that contain vital information.

“A hacker can gain access to a range of other internal systems once they have managed to gain control over the public or internet-facing device.”

Environments that lack proper segmentation and have weak internal access controls can be exploited in this way.

“This ‘land and expand’ approach is a very common technique used by hackers,” he adds.

“For the department to ensure that a similar incident does not occur again, look at a range of best practice, processes, policy and technology (configured optimally) that can be harnessed to avoid these types of exploits, as well as the cascading repercussions that result from the initial exploit.”

Hamman concludes, “Organisations can prevent hacking from happening to them with the right security technology being the foundation of any new service.

“Securing their critical assets and infrastructure, and following a well-documented process. There should be policies in place that outline how new and existing systems are built and maintained, with security at its core.”

“Following this, employees need to be adequately trained and empowered to react to security incidents proactively. Lastly, regular penetration testing and audits are key to an organisation’s security.”
