A lot of media outlets (and not only those related to information security) reported this story today: LulzSec is back! Their latest victim was the well-known English newspaper The Sun. They redirected the site to a fake page that announced the death of Rupert Murdoch.
When reading this kind of news, our first reaction is often: “Wow! How did they achieve this? They must have used high-level hacking techniques!” Then you start searching for more information and find that the attack was quite “simple”.
Some v€ndor$ are always looking for “horror stories” like this one to push some extra security products. Stop! This is a nice case study. Let’s review some facts:
1. The first component used to conduct the attack was a retired server. Why was this server still online? By implementing inventory and change management procedures, you avoid such zombies on your network.
2. The server was still running an outdated (read: vulnerable) version of the website. Proper patch management could have prevented this. Apply patches on all your systems, not only in production.
3. The retired server suddenly generated traffic and events (new connections, sessions opened). With a log management solution in place, this suspicious activity could have been detected in time.
4. Visitors were redirected to a rogue server. By using simple monitoring tools, you could detect changes in the homepage or the server banners.
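Points 1 and 3 above combined, as an added example that is not part of the original post: a small script that checks connection events against an asset inventory and flags anything coming from a host marked as retired (or from a host the inventory does not know at all). The inventory, the hostnames and the syslog-style log lines are constructed sample data, and the log format is an assumption.

```python
"""Added example (not from the original post): flag log events from hosts
that the asset inventory marks as retired or does not list at all.
The inventory, hostnames and log lines below are constructed samples."""
import re
from collections import Counter

# Constructed asset inventory: hostname -> lifecycle status.
INVENTORY = {
    "web01.example.net": "production",
    "web02.example.net": "production",
    "web-old.example.net": "retired",  # should be powered off, but is not
}

# Constructed syslog-like connection events (format is an assumption).
SAMPLE_LOGS = """\
Jul 18 22:01:03 web01.example.net httpd: 203.0.113.7 GET / 200
Jul 18 22:01:09 web02.example.net httpd: 198.51.100.20 GET /news 200
Jul 18 22:03:44 web-old.example.net sshd: Accepted password for admin from 192.0.2.55
Jul 18 22:04:02 web-old.example.net httpd: 203.0.113.7 GET /admin/login 200
Jul 18 22:04:10 unknown-box.example.net httpd: 203.0.113.9 GET / 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$"
)

def parse_line(line):
    """Split one log line into timestamp, host, program and message."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_suspicious(log_text, inventory):
    """Return (reason, host, timestamp, message) tuples for events coming
    from retired hosts or from hosts missing from the inventory."""
    findings = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue  # unparsable line: ignore here, not a finding by itself
        status = inventory.get(ev["host"])
        if status == "retired":
            findings.append(("retired host active", ev["host"], ev["ts"], ev["msg"]))
        elif status is None:
            findings.append(("host not in inventory", ev["host"], ev["ts"], ev["msg"]))
    return findings

def summarize(findings):
    """Count findings per (reason, host) so one noisy zombie stands out."""
    return Counter((reason, host) for reason, host, _, _ in findings)

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOGS, INVENTORY):
        print(finding)
```

Feeding this the real inventory and a day of firewall or web-server logs is enough to notice a supposedly decommissioned box opening sessions again.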
As you can see, implementing basic security rules could prevent some attacks. No need to deploy $1M security boxes to protect your main door if some back doors remain unprotected!