IFSEC Insider | Security and Fire News and Resources

SMB Web Servers Under Attack

Traditionally, endpoint security has focused on the users, whether they are using a PC, a tablet, or a mobile phone. Now, however, cybercriminals are recognizing the SMB web server as a useful target.

“Web servers are under attack,” Stephen Cobb, security evangelist at ESET, told us. “As a small business, you need to have a plan to deal with problems coming from the server that is hosting your website.”

There are two common scenarios. First, the website may be subject to a distributed denial of service attack. Often, the company will be unaware of the problem until a customer says the site is down, or the hosting provider notifies the company that the server is being shut down to eliminate the attack. “Your website is being challenged every two seconds by brute force SSH attacks trying to break into cPanel, WordPress, Joomla, or Plesk,” Cobb said. “These are all things you find on virtual servers.”

Second, attackers may take over the server and use the website to distribute malware. “You may be Bob’s Flowers, and customers come to your site wanting to do business, but anyone who comes is then sent to a Black Hole exploit.”

Immune to server takeover
Too often, small organisations think themselves immune to web server takeover, because they have little in terms of proprietary data or customer information stored on the server. However, the reality is that the web server has become a lucrative asset for cybercriminals. “Now users are accessing the Internet from small mobile devices that are turned on and off, which is not a good platform for exploits. The hackers have realized that SMB web servers are always on, offer good bandwidth, and are lightly managed.”

The changing business models used by cybercriminals are magnifying the problem, he said. “I’ve been talking about the industrialisation of malware for the past 18 months, and that is the engine behind this.” As crimeware evolves as a free enterprise, cybercriminals can respond more quickly to exploit new vulnerabilities. Furthermore, a broader array of players are building botnets and working to compromise machines.

Though there’s little that the average organisation can do to foil a targeted attack, there are best practices that will make one web server a less attractive target than another. First, SMBs should protect their servers with strong and unique passwords that follow best practices, including using a combination of letters, numbers, and other characters; choosing credentials that are not easily guessed; and changing the password regularly.

Further, SMBs should be using the monitoring tools offered by the hosting provider to spot potential attacks, Cobb said.

You can also go steps further if you have someone that you can tap into that is well versed in Linux. There are simple tools that can be activated on the web server to alert you to attacks. There are also some fairly basic but effective ways of limiting the number of times someone can use SSH to get into the box.

As malware makers start targeting web servers, SMBs need to turn their focus to these machines to ensure that they are well protected and monitored.
