Cyber Security Breaches - Know it and Prevent it

Ms Evelyn Tan, Assistant Director, Marketing, Cybersite Services Pte Ltd

Ms Evelyn Tan, Assistant Director, Marketing, Cybersite Services Pte Ltd

As businesses go digital, they need Cyber security measures built from the ground up or risk costly security breaches which could compromise the safety of themselves and their customers.

Let’s face it - various technologies such as smart devices, sensors, big data analytics, and Internet of Things applications are generating massive amounts of valuable data that interest cyber-criminals and hence, businesses are becoming more vulnerable to breaches. According to Hiscox Insurance, cyber-crime cost the global economy more than US$450 billion in 2016. More than two billion personal records were also stolen.

Today, DDoS, remote code execution attacks, and cross-site request forgery attacks, as well as domain hijacking are some of the most common and infamous security breaches that can put a business at risk. We take a closer look at them.

"If businesses need the highest level of domain security, then a registry lock is the option"

►DDoS Attacks

A DDoS attack (Distributed Denial of Service) makes a server or a particular machine’s server unavailable to its users. This in turn allows attackers to access systems offline and compromise either a specific function of a website or an entire website.

► Remote Code Execution Attacks

In both the server and client side, there are vulnerable components like remote directories, unmonitored servers, and libraries that are prone to attacks. In order to trigger a remote code execution attack, cyber-criminals use command lines, scripts, and malware to exploit these components and extract confidential information. This implies that basic user authentication is not enough to protect websites.

► Cross-Site Request Forgery Attacks

Using a cross-site request forgery attack, cyber-criminals send users a forged HTTP request to collect cookie information. This is done when a user is logged onto a particular account or session. This process continues as long as a user is logged on. Hence, it is always a good practice to request users to logout immediately after their job is done or to automatically expire a session if the user is idle for too long.

The Growing Threat of Domain Hijacking

While these are some of the top cyber security breaches, the one that is rapidly gaining momentum is domain hijacking.

Consider this: Thousands of customers visit a particular website and one fine day they are greeted with an image of a heinous creature and some offensive language. How did all those appear on the website? The answer is through domain hijacking.

The domain name of an organisation is more than just a name–it is an asset. More often than not, businesses are unaware of their domain being hijacked till visitors access their website and notice something wrong. Also, it is not always possible to depend on the domain registrar to enhance security. Therefore, to prevent domain hijacking, it is important to understand how it is done in the first place.

How Cyber-criminals Hijack Domains

Domain hijacking is the act of changing the registration of a domain name without the permission of its original registrant. Cyber-criminals trigger an attack to acquire personal information about the actual domain owner and use it to gain control of a domain. The attacker then uses it to alter emails and websites.

It is also worth noting that a domain breach is the end result of common cyber-attacks like phishing and pharming. Phishing is a common means to generate a domain breach. This technique is easy and can include stealing login credentials. The attacker does this by emailing a link to customers that directs them to the phishing site. According to an Anti-Phishing Working Group report, the number of phishing websites rose from about 86,500 in January 2016 to about 123,500 in March 2016.

Another way to carry out domain hijacking is pharming. In this case, attackers send a code in an email that automatically modifies the local host files of a personal computer. These infected host files convert URLs into number strings that an infected computer uses to access websites. This ensures that even when a user types a correct address, he will end up being redirected to a fake or hijacked website.

Although phishing and pharming may appear similar, they are not. Unlike phishing, pharming does not require a conscious action from the user.

How to Prevent Domain Breaches?

When it comes to preventing attackers from hijacking domains, most registrars offer registrants a registrar lock function, which prevents unauthorised altering of information unless the lock is explicitly removed. A domain is not locked by default; the domain owner needs to enable the lock by logging onto his account on the registrar’s portal, clicking onto his domain, and selecting the “Registrar Lock” option. At the registrar level, both the domain owner and the registrar have access to the domain.

While a registrar lock is considered secure, it is worthy to note that there can be vulnerabilities in the domain registrar’s system that goes unnoticed, and cyber-criminals capitalise on this loophole. For instance, if a domain registrar gives the authority to change passwords as many times as a person wants, then there will be a chance that an attacker will keep guessing an individual’s password until he lands on the correct one. And when he gets it right, the domain is exposed.

Higher Security to Keep Cyber Criminals at Bay

If businesses need the highest level of domain security, then a registry lock is the option. At the registry level, even a domain registrar is not authorised to make changes unless the business appoints their registrar to be the administrative contact. While the process is not mandatory, it may seem time-consuming. However, this extra process provides an added layer of security. This is especially essential for government bodies, educational institutes, banks, large IT enterprises, media companies, and online retailers—businesses that experience heavy traffic on their websites or possess high-value domain names.

Besides activating a domain with registry lock, keeping up-to-date with security patches, two-factor authentication, call-back authentication, and monitoring website traffic are other best practices businesses can adopt to keep their domains safe.

It is important for businesses to understand that without proper security practices and tools, it is a matter of ‘when’ and not ‘how’ their domain will get hijacked. Staying forewarned is being forearmed.