Cyber Risks: Web Framework Compromise
Web servers are a popular target for cybercriminals, and it can be difficult to spot that a web server’s security has been compromised. Active risk management around website architecture, maintenance, and patch and vulnerability management is essential to preventing this risk.
Organizations sometimes focus on securing their network but overlook security for website components such as their content management system or e-commerce platform. While there may be no direct connection between your website and internal IT system, cybercriminals see websites as a valuable target. We can refer you to our expert partners who can help you detect existing or potential threats, as well as protect your public-facing websites.
Types of web framework compromises
Data theft
Cybercriminals can compromise your website applications to steal data users provide to the website, such as payment card information on an e-commerce site, or identifying personal information such as government identification numbers that the cybercriminal can use for impersonation and fraud.
Validating stolen payment cards
When cybercriminals use stolen payment cards, they often run small-value transactions first to test that the cards are valid. To do that, they often target websites that accept payment cards—charity or crowdfunding sites are popular because of their donation pages. A compromised website can saddle the website owner with tens of thousands in payment card fees in a matter of hours.
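The pattern described above, many small-value charges against different cards from one source in a short period, can be looked for in transaction logs. The following is an added example, not code from this page; the record layout, thresholds, and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real data):
# (time, source IP, card token, amount, approved)
SAMPLE = [
    ("2024-05-01T10:00:05", "203.0.113.7", "tok_a1", 1.00, False),
    ("2024-05-01T10:00:40", "203.0.113.7", "tok_a2", 1.00, False),
    ("2024-05-01T10:01:10", "203.0.113.7", "tok_a3", 1.00, True),
    ("2024-05-01T10:01:45", "203.0.113.7", "tok_a4", 1.00, False),
    ("2024-05-01T10:02:20", "203.0.113.7", "tok_a5", 1.00, False),
    ("2024-05-01T10:02:55", "203.0.113.7", "tok_a6", 1.00, True),
    ("2024-05-01T10:03:00", "198.51.100.20", "tok_b1", 5.00, True),   # repeat donor
    ("2024-05-01T10:30:00", "198.51.100.20", "tok_b1", 5.00, True),
    ("2024-05-01T10:05:00", "198.51.100.21", "tok_c1", 50.00, True),  # normal donation
] + [  # five cards from one source, but an hour apart: outside the default window
    (f"2024-05-01T{11 + i}:00:00", "192.0.2.50", f"tok_d{i}", 2.00, False)
    for i in range(5)
]

def find_card_testing(records, window=timedelta(minutes=10), max_amount=5.00,
                      min_cards=5, min_decline_ratio=0.5):
    """Return {source: (distinct_cards, decline_ratio)} for sources that try
    many different cards on small amounts inside one sliding time window."""
    by_source = defaultdict(list)
    for ts, source, card, amount, approved in records:
        if amount <= max_amount:  # card testing uses small-value charges
            by_source[source].append((datetime.fromisoformat(ts), card, approved))

    flagged = {}
    for source, events in by_source.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            cards = {card for _, card, _ in span}
            ratio = sum(1 for _, _, ok in span if not ok) / len(span)
            if len(cards) >= min_cards and ratio >= min_decline_ratio:
                # Keep the window with the most distinct cards per source.
                if len(cards) > flagged.get(source, (0, 0.0))[0]:
                    flagged[source] = (len(cards), ratio)
    return flagged

if __name__ == "__main__":
    for source, (cards, ratio) in find_card_testing(SAMPLE).items():
        print(f"{source}: {cards} distinct cards, {ratio:.0%} declined")
```

A flagged source is a prompt for rate limiting or review by the payment processor, not proof of fraud; thresholds need tuning against the site's normal donation traffic.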
Website defacement
Websites can be defaced for political, activist, or terrorism-related reasons, or to add pressure in a cyberextortion attack. Defacing a website may also be a way for a hacker to demonstrate their competency. Cybercriminals can also exploit an established website, making changes that redirect web traffic to a malicious or fraudulent website instead, a tactic often seen in cryptocurrency scams.
DDoS attack
If website forms are not designed properly to validate information that is entered into the requested form fields, cybercriminals can repeat automated queries until a website has been overwhelmed and crashes.
Protecting a website against an attack
Assessment and patching
The number of services, frameworks, and applications on a web server can make it challenging to ensure that they are patched regularly and successfully. Having a third-party expert independently verify the security health of the website can be very helpful. Also, if your website is managed by a third-party provider, your service agreement with them should specify a definite time period in which they will patch your assets.
Separate payment card processing
Using a payment processor can prevent the need to store payment card information. An iframe (or inline frame) can be used to embed interactive elements onto a webpage so that sensitive information (such as payment card data) is sent to the appropriate processor instead of being stored by the website directly. This can limit the information available to a cybercriminal even if the website is compromised.
Use of a content delivery network (CDN)
A CDN can enable the distribution of web content across a larger area, and enhance security. CDNs often have a level of resilience that exceeds the capabilities of most organizations’ security measures. As a result, DDoS attacks are often less effective when targeting websites that have their traffic routed through a CDN.
How to respond to a web framework compromise
Policyholders who experience an actual or suspected website compromise incident should notify us immediately.
Preserve evidence
The first reaction is often to roll back the website to a previous safe version, but that could prevent you from learning what the cybercriminals have done. If this happens, you may have to guess how many individuals have been affected, increasing your response costs and possible third-party claims. Determining the right restoration point can often be a challenge, too. You may undo necessary patches or open the door for further access by the cybercriminals. We recommend that you use experts to help collect the evidence of a compromise and restore the website to a usable state.
Website security is paramount. From data theft to DDoS attacks, cyber threats against web frameworks are diverse and pervasive. Our teams can help fortify your website's defenses and mitigate potential risks effectively.
Securing your website is not just about protecting data; it's about safeguarding your reputation and maintaining business continuity.