Be open for business… …not open to be Hacked
Lionel Thomas
Roles:
• Man. Director Web Company
• Game Studio Manager
• Game Producer
• Web Manager
• Lead Web Programmer
• Online Marketing & Sales
• Multi-media Developer
• System/Database Administrator
• Community Manager
• Computer Sales, Building and Maintenance
Security is a Mindset
• Secured Million Dollar Online Store (Owner just wanted Sales)
• Cleaned a Server with 50 Websites Hacked (Actively Being Hacked)
• Access to a website in under 10 Seconds (Outsourced)
• Penetration Testing Online Stores in Australia 83% with issues
Passwords
From a list of 10 Million Common Passwords…
Passwords
Tips:
• Use a Password Manager (Daily Use)
• Different password per login
• Never Reuse (2012 - Dropbox 60m+)
• Change passwords regularly
• Use Phrases for Sensitive Logins
Example: IloveFlashGordon120%
Becomes faster every year…
Passwords
www.LastPass.com
Key Benefits:
• Manage
• Sync
• Share
• Auto Login
• Audit / Change Passwords
USB Sticks
• Over 48% of people will pick up a USB Stick and Plug it in
• Only about 16% of those people will Scan it
Tips:
• Do NOT pick up Random USB sticks, and make it a Policy
• Encrypt and/or Password protect the data on your USB sticks
Killer USB Sticks
Cost: $79
1. Charges capacitors from device (e.g. PC, Laptop, TV, Printer)
2. Once charged, it discharges all power back into device
3. And Repeats…
It’s meant to be able to kill 95% of devices that have a USB port that do not have protection, which many do not.
Pokémon Go
Mobile Apps.
At Release: Pokémon GO granted itself FULL access to your Google Account.
Full Access includes the ability to:
• Read your Emails
• Send Emails from your Account
• Access Google Drive documents
• Look at Search History
• Access Private Photos on Google Photos
• And More…
Tip: Strict Policy around the use of Email Accounts on Mobile devices.
• Use a Burn Email
Google Apps & Sites
https://myaccount.google.com/security#connectedapps
Phishing Attacks
Phishing Attacks
• May be emailed from someone you know
• May be via a Website
• Fake web pages
• Fake Domains
• Pull your Heart Strings, Urgency, Outrageous
Phishing Attacks
Tip:
Pick up the Phone!
Cloud Storage
Tips
• Research your requirements
• You want Protection by two-factor authentication
• Don’t use Cloud Storage as your main Backup
• Updated files sync, this includes infected files
For Home & Home Office
• Cybersecurity
- Viruses and Spyware
- Anti-Ransomware
- Phishing Attacks
- Identity Theft
- Social Network Threats
- Unsafe Websites
• PC and Mac
For Business
• Next-generation endpoint security
• Cloud-based threat intelligence services
• Mobile Security
• Secure web Gateway
• IoT cybersecurity
www.WebRoot.com.au
Website Security
Some of the Reasons to Hack a Website:
• Information theft
• Malicious Distribution
• Email Spamming
• Website Hi-Jacking
• Platform for DDOS attacks
Website Security
• 70% of websites have vulnerabilities
• Google search is a tool used by Hackers
• 205 days is the average time to detect a Breach
• 2/3 of Stolen data is detected externally, usually when being sold
Website Security
Website Security
Sucuri: Website Hacked Trend Report 2016 - Q1
Reasons for being Hacked:
• Out of Date
• Improper deployment
• Bad configuration
• Poor maintenance
• 3rd Party Plugins
Website Security
Challenges of staying up to date:
• Highly customized deployments
• Issues with backward compatibility
• Lack of staff
• No procedures in place
• Web Application Firewall
• Real-Time Threat Defence Feed
• Block Brute Force Attacks
• Country Blocking
• Manual Blocking
• Malware Scanner
• Website Spam Checks
• Track Site Logins
• View intrusion attempts
• File Repair
• Password Audit
• Cell Phone Sign-in
www.WordFence.com
Website Security
www.CloudFlare.com
Filtering, Server Load Reduction, Speed Optimization and more…
CloudFlare
Website Security
https://www.google.com/transparencyreport/safebrowsing/diagnostic/?
Website Security
Email/Domain Check:
Mail, Domain, Blacklisted?
www.MXToolBox.com
DNS:
Check your DNS Records
www.LeafDNS.com
Website Security
Site Check:
Scan content, Check Firewall, and more…
sitecheck.Sucuri.net
Site Rating:
Website Rating
safeweb.Norton.com
Website Security
Web Vulnerability Scanner:
Vulnerability and Penetration Testing, Used by Governments, Large Corp. and Military
www.Acunetix.com
Website Host Security
Questions to Ask your Hosting:
• What Security is implemented?
• What should I be doing?
• Who Updates the Server?
• What is the Process if I am hacked?
Website Security Overview
• Secure Username & Passwords
• Multiple Layered Security
• Stay Updated (Host, Website & Plugins)
• Secure Hosting
• Regular and Archived Back Ups
• Stay Informed
Common Web Admin Usernames:
• Admin
• Administrator
• Marketing
• Firstname
• Domain Name
• …
Suggestions
• Stay Up to Date
• Avoid the Shiny
• Pay to Stay Protected
• Have an Offline Component
• Create a Security Mindset in Staff