How many SMB(small medium businesses) consider security at the top of their list in terms of business objectives? Not many… but it should really be given higher priority as any security breaches come with an expensive price tag. According to a survey conducted by a security and document-destruction company Shred-It, found that 96 percent of the small business owners realise the importance of keeping information secure, but lack the practicing.
In a nutshell the survey also revealed that,
- 25% of the companies have never done a security review whereas
- 35% of the companies had no protocol in place for dealing with secure data.
Well, cyber attacks are always a concern for the online business. Over the last few years, SQL Injection has been a top security concern for the online businesses due to recent media stories. After the most recent SQL Injection attack, so-called Lizamoon attack, the hackers no longer laid back and brought up their new innovative way of affecting websites where the attackers have created a dynamic script that sends visitors to a previously compromised Web Server and thus the affected websites form a big meshed network and hence the name ‘Mass Meshing Injection Attack’.
Let’s take a look at the basic difference between SQL Injection and Mass Meshing:
|Type of attack||Mass SQL Injection||Mass Meshing Injection|
|Victim criteria||Victims have to be tricked into a) downloading a binary and b) executing the binary, in order to be infected||Victims visit the website and are infected without their knowledge, no clicking required (drive-by download)|
|Number of infected sites||Google: 5600
Throughout 7 months
June 7th to now, 8 days
|Google blacklisting rate||Don’t know||20%, made difficult due to mass meshing|
|Blacklisting||Easy, because most redirectors are maliciously registered, so they can be blacklisted forever||Harder, because redirectors are infected but otherwise legitimate websites, and so they must be removed from blacklisting once cleaned|
|Injection method||SQL injection, error-prone, low success rate. Cannot delete what’s been injected. Injections do not change||FTP, total control of files on the website, that’s why they can do meshing. Injected script changes often; replaced with new ones|
|Injection content||Same for all infected websites||Different for every infected sites|
Armorize’s, chief technical officer Wayne Huang has highlighted “We found that the infected websites form a big mesh—everybody is injected with a malicious script that points to each other. Every infected web site is serving as a redirector for one another. You can’t blacklist anybody, because everyone is a redirector.”
In this mass meshing attack, out of the 700 compromised websites that belonged to the mesh network:
- Only 20 percent of the sites have been blacklisted by Google based on the sidename.js Mass Meshing Injection Attack.
- Another 10 percent was already blacklisted previously for a number of reasons.
At the moment, there is not much the average small or midsize owner of the business can do to defend against the wave of mass meshing attacks. In addition to this, mass-meshing attackers are equipped with tools that can quickly re-infect the websites that was cleaned.
In conclusion, they have highlighted that the owner of an infected websites had two outcomes:
- The hackers will take control of the visitor’s PCs, and there is 20% chance that Google will classify the website as malicious and blacklist it.
- In the second outcome, anyone using Google search to find the site will not be able to access it.
Huang recommends the following solutions for infected websites. They are:
- “The first response for many SMBs-particularly those with limited internal IT Staff—should be to call their Web hosting provider. The good ones, Huang said, will often be able to help and may have already identified a fix, particularly if they have other affected other customers.
- Change your site’s admin password, but don’t do so immediately: First run an antivirus scan on the PC. If it’s infected, the attacker will have to access to the new password too.
- Scan your systems—including files, databases and config files—for backdoors. Huang concedes that this might exceed the comfort zone of small SMB owners and staff; in that case, it might be time to bring in an outside vendor.
- Finally, when the site is clean and secure, begin the crucial process of restoring its traffic and reputation. Google’s webmaster tools allow for blacklisted sites to request re-evaluation for starters.”