People visit thousands of different websites every day. Unfortunately, many website owners do not take proper precautions, and attackers manage to steal valuable customer data.
Once an insecure website is taken over, the criminals' options are almost endless. From using the stolen information for social engineering to selling it on the dark web, any such activity can result in financial losses for users and a damaged reputation for the company.
Today, Cybernews asked the CTO and Co-Founder of Quttera, Michael Novofastovsky, to explain how website owners can protect their sites and how users can spot an attempted cyberattack before it’s too late.
How did Quttera come to be? What has the journey been like so far?
It all started when web malware was on its way to becoming the primary vector of hacking attacks. The traditional, well-known approaches to threat detection could not keep up with the pace of newly developed malware variants, 0-day exploits, dedicated malware attacks, and numerous other kinds of sophisticated malicious software. The idea behind Quttera was to create a better solution to address the evolving web malware.
The algorithms that we developed and patented incorporate several methods to dissect the web data and pick up on the signs of malicious activity. To name a few, we use constantly updated heuristic engines, emulation engines, self-learning modules, mathematical modules that calculate probability, and many other mechanisms to generate the verdict within a specific range depending on the sensitivity level of the scan. This model became an industry-leading web threat detection technology and an infrastructure for our products targeting various usage types and industries.
Today our portfolio consists of a website protection platform (ThreatSign), a Web Malware Scanner (REST API), a Threat Intelligence Data Feed, a Web Application Firewall, and a Malware Cleanup Framework (Malbuster).
Can you introduce us to your platform? What are the main issues it helps solve?
We developed the ThreatSign platform for individual website owners and for web agencies that manage a portfolio of websites for their clients. The main goal is to minimize the time spent on cybersecurity issues and to reduce support costs by using automation to the maximum extent. Additionally, we cover all aspects of the cybersecurity measures required to maintain a healthy and protected website. These defenses include the following:
- periodic malware scans (monitoring) of both the server files and the client side of the website
- managing SSL
- filtering traffic with a web application firewall
- checking the website and all links against internet authorities to make sure the site is not on blocklists
- uptime monitoring
- malware removal, etc.
With ThreatSign, you can focus on your business goals and manage security easily, in one place. It can protect a website of any size, type, and complexity: a 360° malware solution for business websites that is easy, fast, and effective in real time. There is also no need to install or maintain any software.
What would you consider to be the most common threats that websites are facing today?
Statistics vary depending on the data aggregation and methodology, but the rough counts are more or less of the same magnitude. I can share the numbers we see when analyzing the websites we protect with ThreatSign. For the SMB sector, the ThreatSign network shows more than 40 attacks per day on a typical business website. We detect the whole variety of malicious behavior, but the most common, I would say, are:
- Payment credentials skimming
- The exploitation of known vulnerabilities
The impact of an infected website on the business is immediate and can be very severe. It takes time and resources to recover from the reputation damage, to restore and re-validate the advertising and marketing of the web assets, to cover the legal consequences, etc. On top of that, once such a website gets onto the Google, Yahoo, or other blocklists, the result is a significant decrease in visitors and sales.
Have you noticed any new threats emerge as a result of the current global events?
Since COVID-19 entered our lives, phishing attacks have increased significantly. That includes attacks against SMBs that hijack their websites and traffic, spam campaigns against companies, fraud attacks disguised as vaccination-appointment websites or as a solution for COVID-19, and many other similar techniques.
In a more recent global event, the war in Ukraine, we have seen website defacements targeting SMBs on both sides of the conflict.
What are cybercriminals usually trying to achieve by deploying malware?
There are many reasons cybercriminals use malware, but the main one is financial gain. Malicious actors use malware to trick victims into providing personal or financial data during an attack: credit card details, digital wallets, cryptocurrencies, Social Security numbers, etc. Hackers can then resell the gathered information on the dark web or use it to collect further intelligence that helps them attack other targets.
In your opinion, what security details are often overlooked when developing a website?
I think the most common security details that are often overlooked include the following:
- Using components, libraries, and plugins with known vulnerabilities and not patching or updating them regularly. An attacker can easily find known vulnerabilities with openly available automated hacking tools, along with techniques to exploit them.
- User input sanitization and validation. Failing to properly validate user/client input before using it directly, without any output encoding, leads to almost all of the common vulnerabilities on a website, such as SQL injection and Cross-Site Scripting (XSS).
- Not setting up logging and monitoring. You could minimize the impact of malware by taking appropriate action, simply by enabling logging and monitoring. When a website does not have logging and monitoring enabled, there is no way to identify a breach until it is too late. Website owners usually learn from third parties that something bad has happened. The alert could come from a customer who reports that the website is serving explicit content or redirecting them to phishing pages. A couple of hours later, the website ends up on the blocklist of one of the internet authorities such as Google, Yahoo, or Norton.
- Security misconfiguration. Using vendor default configurations and passwords, not setting secure HTTP headers, and leaving the default HTTP methods enabled.
- Sensitive data exposure. Exposing information about your website or your customers is not just irresponsible but dangerous, as you and your customers become easy prey for attacks.
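The input-validation point above (unvalidated input used directly in a query, and unencoded output reflected into HTML) is illustrated here with an added example; this is editorial code, not part of the interview and not Quttera's product code. It uses an in-memory SQLite table with constructed sample users (names and hashes are invented) and shows a concatenated query next to a parameterised one, and an unencoded greeting next to one that is HTML-encoded for the text context.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for a site's user table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", 0), ("bob", "hash-b", 0), ("admin", "hash-root", 1)],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the untrusted value is spliced into the SQL text, so it can become SQL."""
    sql = "SELECT username, is_admin FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: a bound parameter is always treated as a value, never as SQL syntax."""
    return conn.execute(
        "SELECT username, is_admin FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_greeting_unsafe(display_name: str) -> str:
    """Vulnerable: the name lands in the page unencoded, so markup in it is executed (XSS)."""
    return "<p>Welcome, " + display_name + "</p>"


def render_greeting_safe(display_name: str) -> str:
    """Hardened: encode for the HTML text context; the browser renders the payload as text."""
    return "<p>Welcome, " + html.escape(display_name, quote=True) + "</p>"


def demo() -> dict:
    """Run both variants against a classic tautology payload and a script-tag payload."""
    conn = make_db()
    sqli_payload = "x' OR '1'='1"
    xss_payload = "<script>alert(document.cookie)</script>"
    return {
        # The tautology makes the WHERE clause always true: every row comes back.
        "unsafe_rows": len(find_user_unsafe(conn, sqli_payload)),
        # No user is literally named "x' OR '1'='1", so the bound query returns nothing.
        "safe_rows": len(find_user_safe(conn, sqli_payload)),
        "unsafe_html_has_script": "<script>" in render_greeting_unsafe(xss_payload),
        "safe_html_has_script": "<script>" in render_greeting_safe(xss_payload),
    }


if __name__ == "__main__":
    print(demo())
```

Note that `html.escape` is only right for the HTML text and attribute contexts; a value placed inside a JavaScript string, a URL, or CSS needs the encoder for that context, which is the usual reason "we escape output" still ends in XSS.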
Which security features are essential for websites nowadays?
The first one on the list is a Web Application Firewall (WAF) to filter incoming HTTP requests and block malicious traffic. On top of that, a WAF provides virtual patching, which blocks exploits aimed at vulnerable software components.
Another must-have tool in the website protection arsenal is client-side (also called external or HTTP-based) and server-side (also called internal) malware monitoring, which scans the web assets outside-in and inside-out for any signs of malware. Coupled with performance monitoring and file-system integrity monitoring, you get a comprehensive picture of the website's cybersecurity status.
Yet another essential feature is SSL certificate management, which allows a website to handle encrypted HTTP requests, protecting the website from HTTP session hijacking and protecting visitors from having their personal information stolen.
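File-system integrity monitoring, mentioned above as a complement to malware scanning, comes down to hashing every file under the web root once as a baseline and reporting files that later appear, disappear, or change. The following is an added example written for this page; it is not Quttera's ThreatSign implementation, and the directory layout, file names, and "compromise" it stages in a temporary directory are all constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large uploads do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            baseline[path.relative_to(root).as_posix()] = hash_file(path)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between two snapshots as added, removed, or modified files."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p]),
    }


def demo() -> dict:
    """Constructed scenario: snapshot a tiny web root, then stage a post-compromise state."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php echo 'hello'; ?>")
        (root / "wp-content").mkdir()
        (root / "wp-content" / "theme.css").write_text("body { color: black; }")
        baseline = build_baseline(root)

        # Simulated attacker activity (constructed, not a real payload): a new PHP file is
        # dropped, an existing page gets an injected script tag, and a legitimate file is deleted.
        (root / "wp-content" / "cache.php").write_text("<?php /* stand-in for a dropped web shell */ ?>")
        (root / "index.php").write_text(
            "<?php echo 'hello'; ?><script src='//evil.example/s.js'></script>"
        )
        (root / "wp-content" / "theme.css").unlink()

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline must be stored outside the web root (ideally off-host), since an attacker who can write PHP into the site can also rewrite a baseline file sitting next to it, and the comparison should run on a schedule close to the scan interval the text describes so that a dropped file is caught before a blocklist entry is.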
Talking about average Internet users, what should they be especially vigilant about when browsing? Are there any security tools that you would like to recommend?
Visiting websites has become a significant part of our day-to-day activities. Websites let us pay for education, order food delivery, shop, and perform many other operations that affect us and our families. Internet users' primary concern is whether the site they visit is safe and can be trusted with their personal, financial, and other sensitive information.
When you have concerns about visiting a particular website, I would recommend the following:
- Make sure the connection is secure and that the displayed information in the security certificate is valid and up to date;
- Exercise common sense before opening any link, especially on social networks. Check the URL for anything unusual, such as a misspelling, a strange name, or a very long URL. If the URL is shortened, it is most likely a redirection, and it is better to check the final destination of such a URL using a web malware scanner;
- Make sure internet authorities do not flag the site as phishing or suspicious, using tools like VirusTotal or URLVoid;
- Check any website for malware, blocklisting, suspicious links, links to blocklisted websites, malicious redirects, and a wide variety of other online threats using Quttera’s free public website malware scanner.
And finally, what’s next for Quttera?
With the recent global changes we all face, the Internet has become an essential part of our everyday lives. The virtual and physical worlds are merging and augmenting each other. We order food through websites, we request deliveries through websites, we learn, we teach, we interact over the web and through dedicated web assets. Those assets have become very important and require proper cybersecurity.
At Quttera, we are expanding our partnership programs with advertising networks, cloud providers, and website-building platforms to make website security an integral and essential part of any website, regardless of the platform. We are also having exciting discussions with IoT providers to explore integrating our scanning capabilities to address malware in connected devices and IoT-specific workflows.