June 21st, 2021 at 12:21 pm

Cybersecurity Report: HostArmada’s Need to know for 2021

12 minutes reading

The security of your computer, your web hosting server, and your online communications are essential in ensuring that you can have a healthy and secure online presence. Our digital world, dependent on our levels and advancements of cybersecurity, is never a dull one. Thousands of news and articles about the latest technology trends are published every day. It’s almost impossible to catch up. Throughout this sea of tech blogs claiming to feature relevant news and engaging topics, we understand if you have difficulty picking up the appropriate information. That is one reason why we at HostArmada have committed to updating our client base, followers, and other interested parties with relevant news on cybersecurity that is both informative and interesting to know. 

How’d we provide you with a summary of what 2021 will be like in the field of cybersecurity and online projects? Well, it is a hard one, we’ll give you that. However, if we had to put it into a few words, scattered workforces will remain vulnerable. Ransomware and state-sponsored cyberattacks will grow exponentially in number and severity. Meanwhile, businesses need to look long and hard at their cloud presence to ensure data access is fully secured. 2021 will be a year to take stock and look at how the cyberattack surface has changed due to the pandemic and consecutively spending up a lot of time shoring up our defenses accordingly.

You didn’t come here for just a summary though, (at least we think so); that’s why you should keep on reading if you’d like to find out more about the world of cybersecurity in 2021!

Cybersecurity in the Cloud

95% of companies now have at least some kind of cloud presence. But, many organizations don’t really think of themselves as being “in the cloud”, even though they have a whole load of sensitive information in the likes of Office 365 files right there in the cloud. In response to the Covid-19 pandemic, many businesses shifted over to cloud-based apps and systems for the first time. To avoid a flurry of violations due to “rookie mistakes” in 2021, these new cloud users will need to look carefully at their security stance.

What does this mean for online projects?

  1. Don’t assume that your new cloud service provider is in charge of securing your cloud environment. Remember, you are still responsible for your networks and user access controls.
  2. The majority of cloud breaches occur as a result of human error, including misconfiguration of the solution. Typically, your cloud provider will offer various access and identity control tools. Make sure to enable these so you’ve done all that you can for your security from that aspect.
  3. Likewise, the solution provider is likely to offer at least some level of logging and monitoring tools. Make sure you use these to keep track of any unauthorized or unusual access attempts.

It is important to note here that we at HostArmada offer Cloud-based SSD web hosting solutions that come secured with our hard work and cybersecurity software implementations. So when you come to trust us with providing a platform and storage for your online projects, be reasonably assured that your security on web hosting services is one of our top priorities.

Innovative, AI-based Security technologies take care of every website on our Cloud SSD Shared Hosting plans, providing an optimal protection level against the most dangerous web attacks. Every Managed Cloud SSD Server and Dedicated CPU Cloud Server hosting plan comes with a set of security tools. By default, an IP-based firewall activates to block malicious users when harmful actions are detected. Also, our customers can enjoy a free virus scanner and free SSL certificates for an UNLIMITED amount of domains!

The Microsoft Hack is a wake-up call for Cybersecurity Experts

A series of cyberattacks and data breaches began in January 2021, later disclosed more openly by Microsoft in March. According to Microsoft corporate vice president Tom Burt, as written in a company blog post, the hackers first gained access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities used to “disguise itself as someone who should have access.” Using web shells, hackers controlled servers through remote access (operated from U.S.-based private servers) to steal data from the victim networks. Initially, the flaw was being exploited by a hacking group to gain remote access to email servers, from which it could steal sensitive data.

As of 9th of March 2021, statistics have estimated that 250,000 servers fell victim to the attacks, including servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority, the Norwegian Parliament, and Chile’s Commission for the Financial Market (CMF).

The White House has called the hack an “active threat” and said senior national security officials were addressing it. The breach is attributed to Chinese cyberspies targeting U.S. policy think tanks. In late February, five days before Microsoft issued a patch on March 2, there was an explosion of infiltrations by other intruders, piggybacking on the initial breach. The hack’s fallout is still being measured to this day, and there are even active reports of further hacks happening to Acer.

“This is a crazy huge hack”

Christopher Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) tweeted.

Retrospect on the SolarWinds Incident

This global cybersecurity breach follows last year’s Russian-linked hack, leveraging SolarWinds software to spread a virus across 18,000 government and private computer networks. The malicious code created an accessible backdoor to customer’s systems, which hackers then used to install even more malware that helped them spy on companies and organizations. And since the hack was done so stealthily and went undetected for months, security experts say that some victims may never know if they were hacked or not.

US agencies were heavily targeted, including key parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury. All linked to the exploit. Larger private companies, in this case, Microsoft, Cisco, Intel, and Deloitte, hadn’t been spared from the attack. According to the Wall Street Journal, it didn’t end there because even other organizations were victims, like the California Department of State Hospitals and Kent State University.

Federal investigators and cybersecurity experts say that Russia’s Foreign Intelligence Service, known as the SVR, is probably responsible for the attack. They also credited Russian intelligence with breaking into the email servers in the White House, the State Department, and the Joint Chiefs of Staff in 2014 and 2015. Later, the same group attacked the Democratic National Committee and members of the Hilary Clinton presidential campaign.

Who is responsible for the Microsoft Hack?

Microsoft is right at the epicenter of an emerging global cybersecurity crisis. Raising flags worldwide on how we all approach cybersecurity. This hack has been the largest hack seen in the last fifteen years.

Microsoft said that the attack was initially perpetrated by the Hafnium, a Chinese state-sponsored hacking group, an advanced persistent threat, that operates out of China. Hafnium is known to install the web shell, China Chopper, which is a slick little web shell that does not get enough exposure and credit for its stealth. It is a reasonably simple backdoor in terms of components, of which there are two that serve as key components: the Web shell command-and-control (CnC) client binary and a text-based Web shell payload (server component). The text-based payload is so short and straightforward that an attacker could type it by hand right on the target server with no file transfer needed at all.

Microsoft says that Hafnium tends to strike targets in the United States, focusing on industries including defense, research, law, and higher education. While believed to be based in China, the group uses leased virtual private servers (VPS) in the US.

Announcing the hack, Microsoft stated that this was “the eighth time in the past 12 months that Microsoft has publicly disclosed nation-state groups targeting institutions critical to civil society.” As of 12 March 2021, there were, in addition to Hafnium, at least nine other distinct groups exploiting the vulnerabilities, each with different styles and procedures.

As of yet, the Chinese government has denied any involvement.

Chrome Browser now safer by default

With the implementation of Google Chrome’s version 90, the address bar will use HTTPS by default, improving privacy and even loading speed for users visiting websites that support HTTPS. Google Chrome users who navigate to websites by manually typing a URL often don’t include “http://” or “https://” in their URL. For example, users often type “example.com” instead of “https://example.com” in the address bar. In this case, if it were a user’s first visit to a website, Chrome would previously choose http:// as the default protocol. The browser mainly did this in the past because much of the web did not support HTTPS back then.

We have a great HostArmada knowledgebase article explaining what an URL is that you can take a look at here!

That is a significant step taken forwards for cybersecurity and privacy. Additionally, this change also improves the initial loading speed of sites that support HTTPS since Google Chrome will connect directly to the HTTPS endpoint without needing to be redirected from http:// to https://.

HTTPS protects users by encrypting traffic sent over the network so that sensitive information users enter on websites cannot be intercepted or modified by attackers or eavesdroppers. You can learn more about how to redirect your website to HTTPS through our HostArmada knowledgebase article.

Cloudflare unveils zero-trust browsing service

In the wake of the global pandemic, many businesses have shifted towards remote work. When it comes to cybersecurity, this means that the potential attack surface for threat actors increased due to remote and end-user devices that needed to connect to corporate resources. Whether as a permanent option or as part of the rise of hybrid work models, working from home may become standard in our society. Cybersecurity experts can’t wait for this to blow over. They’ve already started working on adapting and innovating what already exists. The corporate world needs to consider how best to keep their networks protected while also catering to a remote workforce.

We see Cloudflare step up with their latest contribution: a new zero-trust solution for browser sessions. The web security firm launched Cloudflare Browser Isolation, a software that creates a “gap” between browsers and end-user devices in the interests of safety. Instead of launching local browser sessions to access work-related resources or collaborative tools, the service runs the original, requested web page in the cloud and streams a replica to the end-user.

As there is no direct browser link, this can mitigate the risk of exploits, phishing, and cyberattacks. Also, Cloudflare automatically blocks high-risk websites based on existing threat intelligence.

“Everyone uses a web browser, and that makes it the perfect target for attackers all over the world. We don’t believe that the most effective protection to these attacks should be restricted to a handful of large companies with huge IT teams. Cloudflare Browser Isolation can be deployed by anyone in just a few clicks and automatically protects against the majority of threats people face online.”

Matthew Prince, Cloudflare CEO

Closing remarks on Cybersecurity

We understand that this news can be rather frightening when reading about them. HostArmada has also been alarmed by the rise of global cybersecurity issues and the current state of security standards present worldwide. However, it isn’t our intention to be fear-mongers or pessimists about the future. We are highly committed to improving our security as a web hosting company. We are making strides regarding that daily as we continue to develop our server infrastructure. Part of this commitment involves being up-to-date with the news ourselves, while another crucial part is keeping our clients updated.

If you have further questions, suggestions, or concerns, you can always reach us. HostArmada remains ready to be deployed 24/7!