A group of hackers defaced hundreds of websites after they hijacked a web-hosting server operated by a UK online services company.
On 21 February, a hacker collective that calls itself the National Hackers Agency gained control of 18.104.22.168. The IP address belongs to Mesh Digital, a company based in the United Kingdom that helps companies market themselves online. DomainMonster is Mesh Digital’s domain registrar. It sells companies domains and space on its web servers.
As reported by The Register, it appears the group had been vying for control of the server with another group called BD Level 7. The National Hackers Agency won that contest. To celebrate, it began defacing websites hosted on the server that promote adult content. But the hacker group didn’t stop there. It then turned to all the other hosted sites.
In total, the National Hackers Agency defaced 612 domains and subdomains. The group attacked different websites, many of which are owned by small businesses located in the United Kingdom, within seconds of one another. Among those websites affected by the hack include DomainMonster’s own blog.
At this point, it’s not known how the National Hackers Agency gained control of the server. Perhaps the server was protected by weak authentication and the group brute-forced its way into gaining access. Alternatively, the server’s software might have been susceptible to a vulnerability that the hackers chose to exploit.
Given these possible scenarios, it’s important that other organizations come up with security policies that emphasize the importance of strong authentication and set up a patch management strategy. Companies should then educate their personnel about these policies. They can do so via the use of third-party policy management software.
Does this type of solution sound of interest to you?