Cyber Risks: Web Admin Tool Exposure

Organizations sometimes focus on securing their network but overlook website security. While there may be no direct connection between your website and internal IT system, cybercriminals see websites as a valuable target. We can refer you to our expert partners who can help you detect existing or potential threats, as well protect your public-facing websites.

Types of web admin tool exposure

Data theft

When web administration tools are exposed to the Internet and not secured, properly, cybercriminals can use brute force attacks to obtain unauthorized access to your website applications and easily steal databases of user information used by the website.

Data scraping

With access to website admin tools, cybercriminals can easily capture sensitive personal data that users provide using the forms on your website.

Website defacement

Websites can be defaced for political, activism, terrorist related reasons, or to add pressure in a cyberextortion attack. Defacing a website may also be a way for a hacker to demonstrate their competency. Cybercriminals can also exploit an established website, making changes that redirect web traffic to a malicious or fraudulent website instead, a tactic often seen in cryptocurrency scams.

Spreading malware

If a cybercriminal can make changes to your website, it’s easy for them to include links that help spread malicious software and expand their range of targets, exploiting the trust that your users place in your website.

Protecting a website against an attack

Manage access

Inventory your web admin tools (content management system, etc.). Put in place appropriate measures for access to them, ensuring that they are not unnecessarily exposed to the Internet. Enforce strong multi-factor authentication (MFA) for admin tool users.

Assessment and patching

The number of services, frameworks, and applications on a web server can make it challenging to ensure that they are patched regularly and successfully. Having a third-party expert independently verify the security health of the website can be very helpful. Also, if your website is managed by a third-party provider, your service agreement with them should specify a definite time period in which they will patch your assets.

Separate collection of personal information

An Iframe (or inline frame) can be used to embed interactive elements onto a webpage so that sensitive information (such as government identification numbers) is stored separately instead of by the website directly. This can limit the information available to a cybercriminal even if the website is compromised.

Use of a content delivery network (CDN)

A CDN can enable the distribution of web content across a larger area, and enhance security. CDNs often have a level of resilience that exceeds the capabilities of most organizations’ security measures. As a result, DDoS attacks are often less effective when targeting websites that have their traffic routed through a CDN.

Whitelisting IP addresses

Restricting access to web admin tools to trusted IP addresses can reduce the risk of unauthorized access

How to respond to a website compromise

Policyholders who experience an actual or suspected website compromise incident should notify us immediately.

Report Incident

Preserve evidence

The first reaction is often to roll back the website to a previous safe version, but that could prevent you from learning what the cybercriminals have done. If this happens, you may have to guess how many individuals have been affected, increasing your response costs and possible third-party claims. Determining the right restoration point can often be a challenge, too. You may undo necessary patches or open the door for further access by the cybercriminals. We recommend that you use experts to help collect the evidence of a compromise and restore the website to a usable state.