Recently, the micro-blogging service Twitter was the victim of various cross-site scripting (XSS) attacks. Malicious code was distributed via its users' accounts without their knowledge. Many people think such exploits are only a problem for large international companies, but the simple truth is that only incidents at large or well-known companies hit the media channels.
This does not mean that big companies are the preferred targets for such attacks. Small and medium-sized companies are easier targets, because they lack the budget and know-how needed to protect themselves against sophisticated malware.
While today every company protects itself against attacks via e-mail, company web servers remain mostly unprotected. This makes this type of vulnerability very interesting for hackers. In principle, every company that operates a web server and uses forms on its website, such as a contact form, is vulnerable.
What does it mean to be a victim of such an attack? The consequences can be severe. You may lose confidential customer and business partner data or infect visitors of your site with malicious code – just imagine your website giving out a virus to visitors for weeks without detection. Immense damage can thus be caused to a third party – and you would be responsible. In these cases, Google could detect the hack before you do, and mark your website as potentially dangerous in the search results. As a consequence, your corporate image will be damaged and you may lose much of your customers' trust.
Companies cannot afford to take no action against the vulnerabilities present in their web servers. However, there are only two possibilities for a solution:
- You personally learn how such attacks work and how to protect web applications against malware. Then try to make your web server and applications more secure. However, this is very time-consuming and expensive, and also requires ongoing training.
- You invest in a web application firewall, and place it in front of your web server. This is the faster solution, and it also requires less effort in the future.
Web servers are already popular targets for hackers, and this will only increase with time.
Gert Hansen,
Vice President Product Management, Astaro
The original article/video can be found at Don’t Let Your Web Server Fall Victim to Sophisticated Malware