Website Security.

Cyber-attacks can be politically motivated (and can be done to uphold a cause) or they can be criminal, disruptive cyber anarchy. Either way, does it matter?

Well, whilst the issue may matter, the attacks won’t – providing you have the correct “cyber protection” in place. Here are some recent threats and cases:

1) The disruption of the Bahrain Grand Prix to stop the race, because it was being held in a place of political turmoil. The plan was to remove the Grand Prix from the World Wide Web.

2) The attack on WordPress by a botnet of “tens of thousands” of individual computers, according to the server hosts. This attack began just after WordPress had strengthened its security with an optional two-step authentication log-in option. This botnet had more than 90,000 IP addresses, so that an “IP-limiting plugin” wasn’t going to be very effective as the botnet could try from a different IP [address] every second for 24 hours.

3) The case of the 21-year-old British hacker, recently found guilty of a long string of online crimes, including launching attacks on the websites of Oxford and Cambridge Universities. The attacks were relatively naïve and the disruption was fairly temporary. But the hacker had strongly claimed that his intent was to compromise the websites as part of a politically-motivated campaign. 

So, were these attacks genuinely politically motivated or criminal damage? On closer inspection, in the case of the Oxbridge hacker, the young man had already been found guilty of previous criminal activities including burglaries of computer equipment and harvesting 300 credit cards, which he sold to foreign criminals. Each case must be judged individually as to whether the attack was in pursuit of a political cause or for criminal purposes (at whatever level of expertise), but what remains a fact irrespective of intent is that the need for effective security is paramount.

As far as your website is concerned, the intent of potential hackers isn’t what matters. What matters is that the Dental Focus team will look after your website security and uptime. Indeed, if everyone was as committed to protecting security as we at Dental Focus are then hackers would have a much harder time. But of course, many are blissfully unaware of their vulnerability, and so for hackers, it’s simply a numbers game in which they try enough websites and eventually they’ll find a vulnerable one to exploit. But rest assured; Dental Focus will make sure that site isn’t yours!

The WordPress attack was called a ‘brute force’ attack – because it was based on guessing weak and commonly used account names and passwords.

To help deal with this, Dental Focus took the immediate following security measures:

– Updated passwords, to ensure each one met the requirements specified.-    Changed common and default account names (for example ‘Admin’) to something less likely to be in common use

– Ensured we were using the most up to date WordPress version (and plug-ins).

 

 

 

Best wishes,

The Dental Focus team.