51. SECURITY IS NOT A DO IT YOURSELF (DIY) PROJECT
TONY PEREZ – SUCURI CEO
52. WHERE TO FIND ME:
Twitter: @ADSPEDIA
Instagram: @adspedia
Email: valENTIN@SUCURI.NET
Editor's Notes
Hello and introducing the hashtag, reminder: #WCNBG
- DURING THIS PRESENTATION YOU ARE ALLOWED TO TWEET: WHAT I SAY OR WHAT YOU’D LIKE ME TO SAY, BUT USE THE HASHTAG
WHO AM I?
HUSBAND
FATHER OF TWO
STARTED WORKING WHEN I WAS 14 (1994) SELLING CANDLES
I LOVE PHOTOGRAPHY AND SOCIAL PROJECTS.
LIVED FOR A WHILE IN:
ROMANIA,
GERMANY,
ITALY,
AUSTRIA,
USA
AND BACK TO TRANSYLVANIA (DRACULA IS A MYTH) - A HISTORICAL REGION OF ROMANIA
I LIVE IN THE CITY OF CLUJ NAPOCA, ROMANIA
18+ YEARS OF INTERNET, MEDIA, ONLINE MARKETING AND SOCIAL MEDIA
- WORKING AS A SOCIAL MEDIA SPECIALIST AND BRAND EVANGELIST AT SUCURI
I DON'T EAT PORK
WHO ELSE? [RAISE HANDS]
OR SEA FOOD
ALL IN FAVOR? [RAISE HANDS]
I LOVE COCA-COLA
WHEN I CLEAN THE BATHROOM
MY FIRST WORDPRESS INSTALL: 2009
WHO ELSE INSTALLED WORDPRESS FOR THE 1ST TIME IN 2009? [RAISE HANDS]
- I STARTED LOOKING INTO CMS-ES WHEN I NEEDED A WEBSITE FOR THE SHOEBOX PROJECT THAT MY WIFE AND I STARTED IN ROMANIA IN 2006
> VIDEO INTRO PLAYS
WHAT IS SHOEBOX:
2006 IN FAMILY
2015: 100.000+ BOXES || 19 COUNTRIES, 203 CITIES AND 416 COLLECTION CENTRES.
SO WE WANTED A WEBSITE
SO WHAT DO YOU DO IN ORDER TO GET ONLINE?
1. BUY DOMAIN NAME (OR GET ONE FREE)
2. BUY CHEAP HOSTING (CHARITY)
HOST USES CPANEL
CPANEL HAS SOFTACULOUS INSTALLED
SOUNDS FAMILIAR? [RAISE HANDS]
CMS SECTION HAS WORDPRESS > ONLINE IN 5 MINUTES!
STARTED SHOEBOX.RO ON DECEMBER 7, 2009.
BASIC WORDPRESS INSTALL, FREE THEME FROM VLADSTUDIO.COM
2009-2014: CONTINUOUS IMPROVEMENTS, CHANGED THEME, ADDED USERS.
AS I WAS LEARNING MORE ABOUT WORDPRESS I STARTED HELPING OTHERS TO GET ONLINE (PAID OR VOLUNTEER)
- BUT THEN SOMETHING HAPPENED THAT I WASN’T PREPARED FOR: [ BIG PAUSE ]
DECEMBER 22, 2014, 4 AM: WEBSITE HACKED, BLACKLISTED BY GOOGLE, SOON TO BE SUSPENDED BY HOST
BEEN THERE? [RAISE HANDS]
WHAT TO DO?
I KNEW THE WEBSITE WAS HACKED. I TRIED TO FIX IT MYSELF FOR 2 DAYS AND ENDED UP BEING HACKED AGAIN BY ANOTHER HACKER TEAM.
FOUND SUCURI
AND
HAD LIVE CHAT
EXPLAINED MY PROBLEM
2 HOURS LATER THE WEBSITE WAS CLEAN AND BACK ONLINE
IN JAN 2015, AS WE WERE PUTTING TOGETHER THE REPORT FOR SHOEBOX 2014, I BEGAN LOOKING INTO SUCURI, MY SAVIOUR, AND FOUND THIS SOCIAL MEDIA FULL TIME REMOTE JOB.
ONE EMAIL AND 3 INTERVIEWS LATER THIS HAPPENS:
[PHOTO OF SUCURI SHIRT POCKET] "IT'S NOT THE SAME SHIRT, WE DO HAVE SEVERAL FOR EACH EMPLOYEE"!
LEFT MY CORPORATE 9-5 JOB FOR A FRESH START. NEVER LOOKED BACK.
AND IT ALL STARTED A YEAR BEFORE, WITH BEING HACKED.
BRAND EVANGELIST AT SUCURI, FULL TIME, WORKING FROM HOME.
LOTS OF TRAVEL AND EVENTS, MEETING PEOPLE, NETWORKING, PROMOTING A SAFE INTERNET AND SECURE POSTURE FOR WEBSITE OWNERS.
I DO OTHER STUFF AS WELL: SPEND TIME WITH MY KIDS, TAKING INSTAGRAM PHOTOS (A RECENT HOBBY)
AND IF ANY OF YOU ARE INTERESTED IN BEING OUR COLLEAGUE, WE ARE CURRENTLY HIRING!
NOW LET’S SEE WHY BEING HACKED WAS A GOOD THING FOR ME
GAVE ME THE OPPORTUNITY TO DO SOME RESEARCH INTO WEBSITE SECURITY
- TERMS LIKE: “SECURITY SHORTLIST”, “SECURED WORDPRESS HOSTING”, “FIREWALL”, “SHELL ACCESS”, “PLUGIN AND THEME VULNERABILITIES” ETC
MAKE MONEY OFF YOUR WEBSITE OR ITS RESOURCES
EARNING POTENTIAL BASED ON STEALING INFORMATION (DATA EXFILTRATION)
IMPRESSIONS BASED AFFILIATE MARKETING SCHEME
CRIMINAL ENTERPRISES
MAKE MONEY OFF YOUR AUDIENCE
EXTREMELY VALUABLE TO ATTACKERS
ABILITY TO TAKE ADVANTAGE OF THE TRUST YOU’VE BUILT WITH YOUR FOLLOWERS/CUSTOMERS
MAKE MONEY OFF YOUR RESOURCES
ABUSE OF THE INFRASTRUCTURE SUPPORTING YOUR WEBSITE
INTEGRATE INTO LARGER CRIMINAL NETWORKS (AKA BOTNETS)
ONCE WE ARE ONLINE WE ARE A PART OF A MUCH LARGER ECOSYSTEM AND OUR RESPONSIBILITIES EXPAND BEYOND THE WEBSITE
NOT ABOUT MAKING MONEY (FINALLY!!!)
BORED, WHY NOT?
IF IT ALLOWS ME ACCESS, WHY WOULDN’T I GO IN?
BADGE OF HONOR AMONGST PEERS
WHO HERE HAS A BACKUP SOLUTION IN PLACE ON THEIR WEBSITE? [RAISE HANDS]
WHAT EXACTLY CAN THE HACKERS DO TO YOUR ENVIRONMENT?
IN THE CASE OF AN INFECTION OR HACK THE THINGS WE DO NOT SEE ARE SOMETIMES MUCH MORE IMPORTANT THAN THE THINGS WE DO SEE
WE NEED TO PAY ATTENTION TO POSSIBLE CONNECTIONS TO OTHER SITES (BOTNETS) AND HIDDEN BACKDOORS ETC
7 LARGE INFECTION TYPES
IF THEY CAN MAKE IT WITH ONE THEY WILL TRY ALL, WHAT IF IT WORKS?
VARIOUS RELATIONSHIPS BETWEEN THESE TYPES OF ATTACKS AND THE HACKERS’ MOTIVATION
WHO CAN DEFINE EACH TYPE OF ATTACK [RAISE HANDS]
WE BREAK DOWN THE IMPACTS OF A HACKED WEBSITE INTO 2 DISTINCT CATEGORIES:
BUSINESS: BRAND, ECONOMIC, EMOTIONAL DISTRESS
TECHNICAL: WEBSITE BLACKLISTING, SEO IMPACTS, VISITOR COMPROMISE
YOUR BRAND IS MADE UP OF THE UNIQUE USER EXPERIENCE YOU OFFER THROUGH YOUR DESIGN, CONTENT, PRODUCT OFFERING AND SERVICE
WEBSITE PLAYS A CRITICAL PART IN THE BRAND REPUTATION
LOSS OF TRUST CAN DRIVE PEOPLE AWAY FROM YOUR WEBSITE, LOOKING FOR ALTERNATIVES
SINCE 2011/2012 THE AUDIENCE HAS GREATER TOLERANCE FOR WEBSITE COMPROMISE IF WHAT HAPPENED IS EXPLAINED TO THEM
OUR RESEARCH SHOWS 90% DROP IN TRAFFIC IMMEDIATELY AFTER A COMPROMISE, GOING UP IF THE WEBSITE IS ALSO BLACKLISTED
YOUR SITE GENERATES SOME FORM OF REVENUE (DIRECT OR INDIRECT), THIS IS WHY YOU KEEP IT ONLINE
COSTS ASSOCIATED WITH POST-COMPROMISE SERVICES, TO INCLUDE TIME/MONEY SPENT ON TOOLS, EDUCATION AND CONSULTATION
ANXIETY: NOTHING EVER GOES FAST ENOUGH
CONFUSION: UNCLEAR WHAT STEPS TO TAKE, WHO TO TALK TO, WHERE TO START
ANGER: YOU WANT TO REACH ACROSS THE WORLD AND SHAKE SOMEONE
SADNESS: A GENERAL FEELING OF BEING OVERWHELMED, BURNED OUT, EXHAUSTED
DISTRUST: AN EROSION OF TRUST IN TECHNOLOGY, INTERNET, PEOPLE
PEOPLE NO LONGER REACH YOUR WEBSITE
BLACKLISTING GOES BEYOND SEARCH ENGINES (GOOGLE, BING) AND CAN BE FOUND IN ANTIVIRUSES (NORTON, MCAFEE, MALWAREBYTES ETC)
CAN LEAD TO YOUR WEBSITE BEING FLAGGED GLOBALLY IN LARGE NETWORKS (CISCO, WEBSENSE ETC)
WHO HERE HAD THEIR WEBSITE BLACKLISTED? [RAISE HANDS]
THE ABILITY TO CONTROL WHAT SEARCH ENGINES SEE WHEN THEY CRAWL YOUR WEBSITE, LEADING TO DIRTY SEARCH ENGINE RESULT PAGES (SERP), IMPACTS TO YOUR DOMAIN AUTHORITY AND VALUE
INJECTION OF KEYWORDS: VIAGRA, CIALIS, CASINO, GUCCI BAGS, USING THESE TO REDIRECT YOUR SITE TO OTHER SITES
MALWARE DISTRIBUTION VIA “DRIVE BY DOWNLOADS”, ATTEMPTS TO INSTALL MALWARE DISGUISED AS GOOD SOFTWARE
WEBSITES CAN BE USED TO ATTACK BROWSER PLUGINS LIKE JAVA, FLASH ETC
COMPROMISES INCLUDE DISTRIBUTION OF RANSOMWARE: PAY TO UNLOCK YOUR COMPUTER FILES
SINCE BEING HACKED ALLOWED ME TO BE IN THE POSITION OF GETTING A JOB WITH A WEBSITE SECURITY COMPANY AND FINDING OUT ALL THIS INFORMATION, I FEEL IT IS A RESPONSIBILITY AND IT IS A PLEASURE TO TRAVEL THE WORLD, GO TO EVENTS LIKE WORDCAMP NUREMBERG AND SHARE MY EXPERIENCE AND ENCOURAGE WEBSITE OWNERS TO
THINK ABOUT WEBSITE SECURITY
AS A WEBSITE OWNER, YOU ARE CONSTANTLY EVOLVING, ADAPTING TO NEW THREATS AND HACKING TECHNIQUES
ESTABLISH PROCESSES: IF A HACK DOES HAPPEN, WHAT DO I DO, WHO DO I GO TO, WHAT RESPONSE MECHANISM DO I LEVERAGE?
BEST PRACTICES: LEAST PRIVILEGE ACCESS ETC
PEOPLE THINK THAT IF THEY FIND THE RIGHT COMBINATION OF TOOLS, THE PERFECT PLUGIN ETC, ALL THIS WILL STOP
BUT IN REALITY THIS IS WHAT THE WORLD LOOKS LIKE: [NEXT SLIDE]
SECURITY IS NOT JUST AROUND THE PEOPLE
OR JUST ABOUT PROCESSES
NOT EVEN ONLY THE TECHNOLOGY
INSTEAD IT IS A COMPLEX SYMBIOTIC RELATIONSHIP BETWEEN ALL THESE 3 COMPONENTS.
ON THEIR OWN, NONE CAN SAVE YOU
SECURITY IS NOT A DO IT YOURSELF (DIY) PROJECT
NOT EVERYONE LIKES SECURITY
ONLY A FEW SELECT PEOPLE DO AND WE SHOULD LET THEM DO IT AND HELP US STAY SAFE
WHERE TO FIND ME:
Twitter: @adspedia
Instagram: @adspedia
Email: valENTIN@SUCURI.NET