In this blog, Jason Brown, one of our IT business partners from Lakes Networking, spoke to us about a rapidly exploding virus threat and some of the measures that can be taken to secure your website and network against it. So let's get straight into it.
AlphaBiz: This is going to be a long conversation!
For people who only have a few seconds to spare, can you give a shorter version of what this security threat is and what we can do about it?
Jason: So, hackers have now turned their attention to vulnerable websites and are exploiting HTTPS to bypass firewalls and Antivirus to install things like crypto-miners on your devices. Despite the websites getting infected at a fast rate, they continue to function normally, leaving users completely unaware of the fact that their website may be contaminating their computers.
Sophos has released a new Deep Packet Inspection (DPI) mechanism to address the issue. The only cost involved is the system admin's time to deploy. Most sites require somewhere between 3 to 5 hours each, depending on the number of users at each site. We may need to reconfigure their WiFi.
AlphaBiz: Tell us a bit more.
Jason: Basically, hackers are using millions of vulnerable websites and the new HTTPS enforcement to bypass firewalls and AV to infect the PCs and then the entire networks.
AlphaBiz: What is HTTPS enforcement?
Jason: Ever since the internet started transmitting sensitive information like passwords, credit card and bank details, hackers have been using an attack called 'Man in the Middle'. This is where the hacker injects himself into the stream of data going between a website and your PC or smart device and reads the text going back and forth. Websites often transmit data in what we refer to as clear text, which means the hacker just sits back and waits for you to type your password and he can read it in clear text as it passes between your PC and the website. Think of it in the same way as tapping an old analogue phone line and just listening to conversations.
AlphaBiz: So, how do we stop Man in the Middle attacks?
Jason: Well, that’s a great question and one that tech giants have been wrestling with for a while. The answer that Silicon Valley came up with, some time ago, was a new internet standard called HTTPS. The “S” stands for secure and how it works is by installing a certificate on the website. When you browse a particular website, your internet browser (Explorer, Chrome or Firefox) checks the address of the site and compares it to the certificate. If everything looks ok, your browser and the website set up a secure encrypted session. This means that even if a hacker is using a 'man in the middle attack', all he sees is encrypted data. Because every connection to the website uses a unique and randomly generated encryption key, decrypting the text is very hard. Banks and the like have been using HTTPS for a while now.
In 2017, internet browsers started to highlight websites not using HTTPS by default as insecure. These days, if you browse a site that's not using HTTPS, you are likely to get a big warning rather than just a red padlock telling you the site is not secure. This has pushed everyone to use HTTPS for their website even if they don’t transmit any data. The good news is there has been a dramatic drop in 'Man in the Middle' attacks.
AlphaBiz: If HTTPS is making the web more secure, then where is the problem?
Jason: Well, all the hackers using 'Man in the Middle' attacks have suddenly found themselves without a revenue stream. And, unfortunately, they haven't changed their occupation to landscape gardener or ice-cream vendor, as Silicon Valley had hoped. Instead, they have turned their attention to websites that can be hacked themselves. Just like Windows updates, there is a constant stream of updates that get released for most CMS platforms. If the CMS platform doesn’t get updated, it becomes vulnerable to hackers who infect these websites with their code, then bypass network firewalls and antivirus to infect networks. The evil genius behind this new attack is that the website owners have no idea that their website is actually infecting end users' PCs and networks. This means every website running HTTPS is now a potential threat, as end users have no way of knowing if the site's CMS is up to date with its security patches. By the way, those of you whose website is hosted with Lakes and are on a maintenance plan - we are keeping your CMS updated.
AlphaBiz: OK, so how do we stop this new threat?
Jason: Well ironically, the answer is 'Man in the middle'. What Sophos has released is a system whereby the Firewall sets itself up as a man in the middle between the secure website and your PC. This allows the Firewall to decrypt the data, inspect it for nasties and if safe, pass the data back to the PC. If the data is bad and contains infections, the site gets blocked.
AlphaBiz: And what is the cost to deploy this new security measure?
Jason: The good news is that Sophos has made this new technology available as part of its existing licensing. However, we will need to discuss how a company's WiFi works and will need to deploy a Sophos certificate to all PCs and laptops on the network. Our test sites have also experienced a few hiccups that need to be ironed out, so we are allowing 3-5 hours to deploy the new setup (depending on network size and complexity).
AlphaBiz: So, how do companies get started?
Jason: All they need to do is get in touch with me or anyone at Lakes Networking, and one of our System Admins will get in touch to plan the rollout. Our phone number is 08 9417 2230, and email address is email@example.com
AlphaBiz: Thank you, Jason. That was very well-explained. I am sure our readers will see why it is crucial for them to secure their websites.