Take away: Make sure you stay up-to-date with latest security news and apply all patches as soon as possible depending on the exposure and impact.
On the 7th of July 2018 accessing the South African Presidency site, http://www.thepresidency.gov.za, were greeted by the following home screen…
It has been restored to it’s previous form.
Visiting Zone-h (listing of hacked sites), 2 South African sites were found to be hacked by the same ‘team’.
The back-end revealed that both uses Drupal 7 (A popular Content Management System) with 3 critical security risks identified in March and April 2018. This is easy by right-clicking and inspecting the web source.
- The source of the web pages are post the hacks and hopefully all new patches have been applied. There is nothing wrong to use opensource software, but the installation, configuration and security monitoring and management is critical;
- You need to be proactive and have the right staff/functions in place;
- Monitor security notifications and apply patches or compensating controls to minimize your risk;
- Monitor and review your logs
- Expect to be hacked and prepare your response plan
- ‘Hack’ your own systems to test the security.
Practice Safe HEX