comscore Updating website software helps ward off cybercrime | Honolulu Star-Advertiser
Business | Tech View

Updating website software helps ward off cybercrime

Honolulu Star-Advertiser logo
Unlimited access to premium stories for as low as $12.95 /mo.
Get It Now

If you host your own website, be aware of “watering hole” attacks that can be used against those who visit your site. In the animal world a lion lies in wait for prey near a water source. In the cyberworld, online criminals infect a trusted website to lure new victims instead of going after the victims directly.

Some of the more notable examples of watering hole attacks include:

>> Beginning as early as 2009, Operation Aurora was known to leverage watering hole attacks in addition to phishing attack vectors to compromise major organizations such as Adobe, Google and RSA.

>> In early 2013 a mobile developer forum was used to infect several developers at Apple, Facebook, Microsoft and Twitter with a Mac OS Trojan.

>> In July a large aerospace firm’s website was manipulated to attack a recently fixed Adobe Flash vulnerability.

Many small-business owners hire a firm to design their website and then host it through a low-cost Web-hosting provider (for example, Small-business owners are often unaware that the software running their website needs maintenance and updates and that this responsibility falls on them, not on the website designer or hosting provider. Cybercriminals exploit this knowledge gap and install malware on these un-maintained websites, which can evade detection by launching only when the website is:

>> Accessed by a particular browser or operating system.

>> Clicked through from a Web search engine.

>> Not bookmarked.

>> Visited by a unique IP address.

What can small-business owners do to protect their websites? First, know and update the software that runs your site. Many small-business websites are run on content management system software, such as WordPress, DotNetNuke and Drupal. Some of these companies also offer professional Web-hosting services, which I recommend checking out.

Second, limit the use of third-party plug-ins, which are a popular way to introduce new functionality to your website. Unfortunately, they are also a way to introduce new vulnerabilities.

The bottom line here: If you own a website, it’s important to understand the full scope of your responsibilities and take precautions to address them.

Vincent Hoang is an enterprise architect at Hawaiian Telcom, a certified information systems security professional (CISSP), GIAC systems and network auditor (GSNA) and Cisco certified network professional (CCNP). Reach him at

Comments have been disabled for this story...

Click here to see our full coverage of the coronavirus outbreak. Submit your coronavirus news tip.

Be the first to know
Get web push notifications from Star-Advertiser when the next breaking story happens — it's FREE! You just need a supported web browser.
Subscribe for this feature

Scroll Up