Written by: Donovan Hoare,
Director: ATS All Technology Solutions (Pty) Ltd.
18+ Years Experience in IT and IT Security
So it is Christmas time, you’re on leave, or you’re in retail and it is your busy season. As I am one of “those” husbands, I do my Christmas shopping on the 24th, why would I be proactive.
Now just imagine you are a retail store and your hosted retail package gets hacked on the 23 December requesting bitcoin for it to stop happening,
But a backup gets restored but you lose a day of decent trade and some data and hopefully, no stock.
Then the 24th it happens again there goes another day of a decent trade.
Some companies can do Millions of Rands on Christmas eve because of husbands like me.
So now you are thinking. Donovan this doesn’t happen,and if this happens, it will never happen to me.
Let me tell you a story. It happened this Christmas, for professional courtesy I will not mention the company’s name that was hit or the hosting provider. However, as I am in the IT security Industry and my friends are in the affected industry I was able to find out more.
As I’m not sure of the exact vulnerability that was used I can tell you only the result happened, Basically, a hacker overwrote the client and invoice information with the following message “Pay 1 bitcoin to address to stop this happening: <Bitcoin Address>”
See screenshot sent to me
So not only was there a loss of potential trade, but the customer details have been compromised.
As far as I know, the problem has been fixed, let’s hope, but how can someone stop this from happening? Everyone says cloud is the best thing.
Move to the cloud they say. It’s safer they say.
So how often does one get a hack attempt? Well, see for yourself.
When I heard of this hack I decided to turn on tracking on my protected website. “Website and product listed below”
So below is a screenshot of the test data on 1st January 2019, from 00:01-17:00
The above connections (32) all tried to connect to my private application server. You are more than welcome to click this link to try access as well. http://admin.atstech.co.za/ It will just show how our protection works.
For the full list of IP addresses, you can click the following link to see Link To
Link to: Zip with Xls, Ods and CSV
Total blocked attempts (439) From 30 December 14:00 to 7 Jan 10:00
And as you can see a lot don’t come from South Africa. There is Ukraine, Russia, Iran and more. I can promise none of those countries needed access to my Internal Cloud Hosted Application
So Donovan, What to do when in under 8 Days there where 439 attempts to access your application. Well, there are a few things that one can do.
1) Make sure your provider is a decent hosting provider, remember Information Technology Security is a profession. You can’t just rent a server, throw an application onto the server then hope it works.
2) Make sure the software is up to date, For example, the servers that run the application effected above are running Ubuntu12.04.
Ubuntu 12.04 became EOL “End Of Life” in April 2017. In a few short months that will be 2 years past end of life.
3) Check the knowledge of the provider, just because you know an industry, does not mean you know IT security. Also, check their credentials and how long they have ACTUALLY been doing this. Suppliers love saying we have a combined experience of over 20 Years. So they have 4 employees of 4 years and some themselves but they have 20. I Donovan have been doing IT and IT security for 18+ years by myself. No need to combine employee time
4) Check what the provider can offer you to remove or mitigate the risks of a cloud-hosted service.
For example, ATS offers a product that only authorized sites (Meaning office, homes and cellular devices can access your server)
This product is not useful for a website because you want customers from all over the world, but if only your branches need access to a server then only your branches should have access to your server.
So in conclusion:
ATS VoIP Servers are attempted to be hacked about 20 times per min. So our application server is quite small on the number of hack attempts. However hack attempts will happen to everyone, but don’t be caught out
But be safe and be prepared. ATS does offer a wide variety of services that will be able to help you or just give you advise on how to secure yourself with your current IT provider. If you are interested please contact us.
Click Here to be directed to our Contact Details.
