Montana Websites the Target of Recent Attacks
Website security is in the news again, and this time it seems to be affecting a lot of Montana website owners. We have identified a handful of Montana websites hacked this past week but there are likely dozens more that have been hacked already, and a large number that are still susceptible to the hack.
The recent security issue is with a plugin called WordPress SEO by Yoast, a very common plugin used by more than 14 million websites. The exploit uses an SQL injection attack to gain access to the website database where it can add, change or delete information. Website owners should consider this a critical security issue and update right away.
What makes this security incident a little bit different is that the hackers have exploited this very quickly. News of the security issue came out on March 11. Websites started to get infected almost immediately — within a few hours of the news. And this past week has seen a steady increase in attacks.
The hacker group behind most of the attacks goes by the name Moroccan Agent Secret. Once a website is infected they post news of the hack right away on their Facebook page. On the date of this writing, the Facebook page was littered with Montana-based websites that had been hacked. In most cases website files are altered or deleted and the website is defaced with an image similar to the one at the top of this article. We recommend that website owners, especially those using WordPress, immediately review their websites and perform necessary updates and backups.
These types of security risks seem to be increasing over time. The aftereffect is often a loss of data, as well as a website that is offline for a day or longer. It typically means that a business loses sales, experiences distractions from normal business operations, and racks up expenses for technical help to recover from the incident.
The best course of action comes in the form of prevention. We often remind people that website security is mostly about website maintenance. No system is 100 percent secure and systems tend to become less secure over time without regular maintenance. Many website owners launch a new website without any formal maintenance plan. These are the websites that expose themselves to the most risk.
The philosophy we take at PartnersCreative is to discuss website maintenance with clients at the start of a project and encourage clients to adopt a maintenance plan with any new website launch. This typically means that websites are updated faster, the window for open security risks is minimized, and less time and money is spent frantically trying to recover from a hacked website. The ultimate benefit of a website maintenance plan is that businesses and organizations can remain focused on what they do best.