Our Organization's Website Was Hacked

July 23, 2021

Today a Pakistani / Russian group tried to hack our website.

Sometimes we don't feel our websites are important and leave them unsecured; most organizations don't take their websites seriously.

Websites represent our organization on the World Wide Web. They need to be secured not only because the site represents the organization, but because many websites are linked to applications like CRMs and subscription mailers and have client and subscriber information stored in them.

A compromised website means this subscriber data is compromised, site content can be changed, and malware can be injected into the site to infect visitors. This damages the reputation of both the website and the organization.

That was not the case with our TechnoPlanet Enterprise website. We secure each and every segment and layer of our network and applications.

Our website has a WAF in front of it, and on top of that we have a rigorous monitoring system which checks for and reports any anomalies.

The site has a page where people can register and read case studies. Though the page is still in development, we have secured it, and users who register / subscribe to the site can gain access to our case studies.

The page has a registration form. To register, the user has to use a valid email ID, as the system sends an activation code which is required to activate the account before access to the case studies is granted.
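As an added example (not code from the TechnoPlanet site), this is one way to implement the activation-code step the paragraph describes: generate a code with a CSPRNG, store only a salted and keyed hash of it, expire it after a fixed time, limit wrong guesses, and accept it exactly once. The code length, the 15-minute lifetime, the five-attempt limit and the server-side pepper are assumptions for the example, not details from the post.

```python
import hashlib
import hmac
import re
import secrets
import time
from typing import Dict, Optional

# Assumptions for this example (not taken from the post):
CODE_TTL_SECONDS = 15 * 60   # an activation code is valid for 15 minutes
MAX_ATTEMPTS = 5             # after 5 wrong guesses the code is discarded
SERVER_PEPPER = b"load-this-from-the-secret-store"  # server-side key, never stored with the records
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def _code_hash(salt: bytes, code: str) -> bytes:
    # Keyed hash: a leaked table of pending activations is useless without the pepper,
    # which matters because an 8-digit code is trivial to brute-force offline.
    return hmac.new(SERVER_PEPPER, salt + code.encode(), hashlib.sha256).digest()


class ActivationStore:
    """Pending activations keyed by (lower-cased) email address.

    Only a salted, keyed hash of each code is kept; the clear-text code exists
    just long enough to be put into the activation mail.
    """

    def __init__(self) -> None:
        self._pending: Dict[str, dict] = {}

    def issue(self, email: str, now: Optional[float] = None) -> str:
        """Generate a fresh 8-digit code for `email` and return it for delivery by mail."""
        if not EMAIL_RE.match(email):
            raise ValueError("not a syntactically valid email address")
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10 ** 8):08d}"   # CSPRNG, not random.randint
        salt = secrets.token_bytes(16)
        self._pending[email.lower()] = {
            "salt": salt,
            "hash": _code_hash(salt, code),
            "expires": now + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def activate(self, email: str, code: str, now: Optional[float] = None) -> bool:
        """Return True once, for the correct code, before expiry and under the attempt limit."""
        now = time.time() if now is None else now
        key = email.lower()
        rec = self._pending.get(key)
        if rec is None:
            return False
        if now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[key]          # expired or locked: the user must request a new code
            return False
        rec["attempts"] += 1
        if hmac.compare_digest(_code_hash(rec["salt"], code), rec["hash"]):
            del self._pending[key]          # single use: the same code cannot activate twice
            return True
        return False
```

The store is in-memory for the example; in a real deployment the same records would live in the application database, with the pepper kept in configuration rather than in the table.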


Every time you log in, a code is sent to the registered email ID, as 2FA (Two-Factor Authentication) is enabled on the site. We have implemented 2FA for all kinds of authentication, whether it's enterprise network or application access.

2FA can also be configured to use authenticator apps like Microsoft Authenticator or Google Authenticator.

  • On Google Play Store – Microsoft Authenticator & Google Authenticator
  • On Apple App Store – Microsoft Authenticator & Google Authenticator

Coming back to the reason for writing this article: our team reacted fast after we received notifications about the breach.

In our initial mitigation we found the information below.

The user registered with an email address that was created to hack into websites and applications. The AI implemented on our system detected the email address as not valid, so a warning flag was raised and the support team was informed. (test26557302@wintds.org)

The team immediately disabled login for the user, as the user was trying to access pages which were not permissible for the access group the user belonged to.


On looking up the IP addresses we found that:

  • The user's IP belonged to Saint Petersburg in Russia.
  • The domain belonged to a person in Jhang, Pakistan.
  • The dummy website is hosted somewhere in Meppel, Netherlands.

With so many different countries involved across the dummy email address, the website and the WHOIS name, this is surely something related to a hack.

Implementing sites with smart tools saves organizations from expensive restoration costs, downtime and reputation loss.

Notification:

Event: Post Update
Website: https://technoplanetenterprise.com
IP Address: 46.161.14.104
Reverse IP: 46.161.14.104
Date/Time: July 22, 2021 9:55 am
Message: Status has been changed; details: ID: 1875, Old status: new, New status: publish, Title: test26557302@wintds.org
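The alert above is the kind of line a monitoring system can score automatically rather than hand to a support team. As an added example, not the monitoring system the post describes, the code below parses a constructed copy of that notification and applies the checks the post mentions: a registration record (the post title is the registrant's email address) moving straight from "new" to "publish", a mailbox name that looks throwaway, a mail domain on a denylist, a source IP outside the networks staff normally publish from, and a source IP with no reverse DNS name (read here from the "Reverse IP" field repeating the address, which is an assumption about the alert format). The trusted network range, the denylist contents and the mailbox-name pattern are assumptions for the example; the post says the address was flagged as invalid but not how.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed copy of the alert quoted in the post (not read from a live feed).
SAMPLE_NOTIFICATION = """\
Event: Post Update
Website: https://technoplanetenterprise.com
IP Address: 46.161.14.104
Reverse IP: 46.161.14.104
Date/Time: July 22, 2021 9:55 am
Message: Status has been changed; details: ID: 1875, Old status: new, New status: publish, Title: test26557302@wintds.org
"""

# Assumptions for the example: networks staff publish from (RFC 5737 documentation
# range), a constructed denylist of throwaway mail domains, and a mailbox-name pattern.
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
DISPOSABLE_DOMAINS = {"wintds.org"}
THROWAWAY_LOCALPART = re.compile(r"^(test|temp|tmp)\d{4,}$", re.IGNORECASE)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_notification(text: str) -> Dict[str, str]:
    """Split 'Key: value' lines, then pull the comma-separated details out of the Message field."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    message = fields.get("message", "")
    for key in ("ID", "Old status", "New status", "Title"):
        match = re.search(rf"{key}:\s*([^,]+)", message)
        if match:
            fields[key.lower()] = match.group(1).strip()
    return fields


def assess(fields: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means nothing in the alert stood out."""
    findings: List[str] = []
    if fields.get("old status") == "new" and fields.get("new status") == "publish":
        findings.append("record moved straight from 'new' to 'publish' without review")
    title = fields.get("title", "")
    if EMAIL_RE.match(title):
        local, _, domain = title.rpartition("@")
        if domain.lower() in DISPOSABLE_DOMAINS:
            findings.append(f"registration email domain on denylist: {domain}")
        if THROWAWAY_LOCALPART.match(local):
            findings.append(f"throwaway-looking mailbox name: {local}")
    try:
        ip = ipaddress.ip_address(fields.get("ip address", ""))
        if not any(ip in net for net in TRUSTED_NETWORKS):
            findings.append(f"source IP {ip} outside trusted networks")
    except ValueError:
        findings.append("source IP missing or unparsable")
    if fields.get("reverse ip") == fields.get("ip address"):
        findings.append("no reverse DNS name for source IP")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_notification(SAMPLE_NOTIFICATION)):
        print("-", finding)
```

Each finding on its own is weak evidence; a throwaway mailbox name or a missing PTR record is common for legitimate users too. Raising the ticket on the combination, as the post's team effectively did, keeps the rule from paging support on every registration.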

Visit our website to know more about our service offerings.
