We recently helped one of our US-based clients recover from a huge malware injection into their data. They have been an established firm in the branding & marketing world for more than 3 decades. With a good number of customers who trust them, they support several businesses through their digital services.
Backstory
In addition to branding & marketing, the digital agency also serves its 60+ clients by maintaining the web hosting servers that include websites and admin portals. Some servers had been online for more than 10 years and had been pretty much stable.
ColoredCow partnered with the digital agency in late 2018, aiming to provide technical support and give them the long-missing tech strength they could leverage to bring in more business.
The Doomsday
One fine day, the digital agency team started reporting several sites going down one by one. It initially looked like a minor server error or scheduled maintenance. However, the reports kept coming in, and the number of sites going down kept growing.
Upon deeper investigation, the ColoredCow team found malicious code on the websites. Hackers got access to all the data related to the agency’s business and their customers by breaching their server security. The malware manipulated the code to show explicit content to the users. It was a real doomsday, considering the server contained several non-profit websites and kids’ education portals with high daily traffic.
Not only the digital agency but their customers’ reputations were at stake.
It was a big task to clean the data from 60+ infected sites and fix the security breach to avoid future damage. Apart from this, we helped them bring their business continuity back to normal and suggested a Master Plan to avoid this crisis in the future.
It was not just our client who was impacted by this. It was a global attack that affected around 320,000 sites. Based on our investigation, we found that one of the primary reasons for this security breach was a serious vulnerability in a plugin called InfiniteWP that was being used on all the sites. Also, the server security wasn’t strong enough to withstand this attack, and hence the data got manipulated.
Data has surpassed oil as the most valuable resource in the world. It’s a primary asset for any digital organization, as it helps them grow their business, make better decisions, and maintain business continuity. As the value of data increases, so does its vulnerability. Whether it’s a small business or a giant company, everyone wants to make sure that their data is safe and secured by the best measures.
Present Day
While removing all the malicious data from the server, we were also working on a plan to prepare ourselves for something like this in the future. As attackers are getting more advanced in their approach, we chose to strengthen data security by migrating the sites to a more secure service.
We worked on a plan to migrate their 60+ clients’ sites to an upgraded, more secure, and cost-effective hosting provider.
We went through all the popular hosting options in the marketplace and narrowed them down to the most suitable one. Below are our research, recommendations, and a detailed plan for the hosting migration.
The parameters to decide the most suitable hosting:
Comparison of various hosting services based on the above parameters
From the above comparisons, Amazon AWS comes out as the most suitable hosting service.
The following articles and blogs were the basis of these comparisons:
The site migration plan determines how much time and effort it will take to migrate from outdated infrastructure to AWS.
To explain it further with an example, let’s say you have 20 clients, each with a marketing website for their business. So far you have been using an old infrastructure and want to migrate to AWS to provide better service and security for their digital presence. We will explain the approach and costing for the migration process.
As all the sites were configured for the old infrastructure, it was best to migrate them one by one between these servers to avoid any major compatibility issues. We can prioritize the order based on the following factors:
Less critical sites first
Start with the most recently set up sites, in which tools/plugins and framework versions are already up to date or have only minor updates available. This helps ensure the new hosting setup is running smoothly without putting anything at risk if there is any downtime. It also helps us prepare better for other migrations down the line.
Smaller sites first
Another parameter to determine priority can be size: migrate smaller sites first so that we get a good grip on the migration and testing steps. This will help to strengthen the migration checklist for bigger websites.
Migration during low-traffic hours
The parameter that defines the appropriate time for migrating a website is traffic. The target is to migrate the site around midnight, when traffic is usually low; the time zone difference of 12 hours comes in handy for carrying out the migration during these low-traffic hours.
Assuming we target migrating 6-7 sites/month, we can finish the process in 4 months. Here’s a roadmap for the above-mentioned example.
With the new hosting setup in place, the steps to set up a new website should be straightforward.
From our experience with this data breach, we realized how risky it can get to rely on old infrastructure for data security. Our belief is that security should be the primary concern for any digital organization, and that we should utilize all the latest technologies to stay a step ahead of the data hackers.