Hacked: Malaysian company websites are at risk!
Why the lack of cyber security considerations is putting businesses in real danger.
27 March 2019
A couple of weeks ago our team at esugo stumbled upon a website of a rather big Malaysian distributor of POS printers. The company had engaged a competing agency to create a Wordpress powered website and was actively investing money in social media advertising, to drive traffic on that website.
When our team discovered the website it was apparent that things were going wrong. There was a overlaying banner advertising for a rather dubious so called ICO, an initial coin offering related to an unknown crypto currency, and upon closer inspection of the source code our team found malicious code designed to attack the computers of visitors of the website.
As the company belonged to an established b2b supplier it was immediately obvious that the placement of this code and advertising is most likely not intentional and rather the result of the website being hacked by a malicious third party.
What went wrong?
After an internal discussion of the findings our security team prepared a comprehensive report and attempted to reach out to the company in question. While this website is not related to any of our clients, the overall safety of surfing the web is paramount to us and we gladly help when there is an opportunity to do so.
Unfortunately after contacting the company we were not able to speak to anyone who understood the magnitude of this issue and despite providing our contact details an announced callback never happened.
While this suggests a lack of interest on the side of the hacking victim, we assume the issue is a broad lack of understanding of the incident, our outreach and the implications this hack has on their reputation and digital sales. To date, weeks after we discovered the hack and contacted the company in question, the malicious code remains unchanged on the website.
Actions to take
The fact this incident happened and not only seemingly went undiscovered but was not taken serious after being reported hints at a structural failure of security and service quality at the company and their agency, which should be in charge of avoiding incidents like this before they happen.
Some of the immediate actions to take for every company that wants to avoid the drop in sales and persistent image loss are:
- Always install updates immediately, when standard software like Wordpress with a lot of attention and security vulnerabilities is used
- Frequently 'patrol' your own website and make sure everything works, small companies can do this easily and for bigger organisations this is important enough to make it a recurring task for the QA team
- Take reports and feedback from visitors and customers serious, when they speak up the damage is done and needs to be controlled immediately
- Have a process in place, define who is in charge, who needs to be informed and have all the relevant contacts and information documented in a tool available to all employees
While these hands-on actions are a good start and every company should implement them immediately, when we talk about business and when real customers, orders and money is at stake it is inevitable to engage a professional agency to manage your digital presence.
If you want to know more about how we at esugo help our customers to maintain cutting edge digital security and what our in-house expert team can do for your business then email us to firstname.lastname@example.org or fill out the form below and we will be in touch.