
Investigating cargo shipping website compromise


The Challenge

Defendza were approached by a potential customer seeking advice in relation to a suspected attack. Upon further investigation, it emerged that this customer's website had recently been compromised by malicious threat actors. Several backdoor files had been placed that allowed the threat actors to gain and maintain full control of the server hosting the website. Prior to our consultancy, the client's team had proactively taken some measures after the attack – “all the necessary malware cleansing steps were taken care of and the website was secured with a shiny new Web Application Firewall (WAF)”. We were asked for an assessment before the website went back live on the internet.

The Solution

After an initial review of the client's circumstances, the client agreed with our thinking to perform a thorough review of their newly set up website using a grey box approach, to ensure learning as well as in-depth analysis.

During the assessment, server-side code routines were found to be vulnerable to SQL injection; the application was therefore relying solely on the Web Application Firewall (WAF) for protection. Upon disabling the WAF, it was possible to compromise the entire application using trivial SQL injection. This vulnerability could allow a malicious user to inject SQL queries directly into the backend database and obtain all of the sensitive data.
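The finding above, as an added illustration that is not code from the client's site or from Defendza: a login routine that concatenates user input into its SQL (the pattern a WAF was being relied on to shield) next to the parameterised form that removes the vulnerability at source. The table, rows and the `login_*` function names are constructed for this example.

```python
import sqlite3

# Constructed sample data standing in for the site's user table.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """The pattern found in the case study: input concatenated into the query.

    Whatever the user types becomes part of the SQL text, so only an
    external filter such as a WAF stands between crafted input and the
    database. Returns the usernames the query matched.
    """
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return [row[0] for row in conn.execute(sql)]


def login_fixed(conn, username, password):
    """Parameterised query: values travel separately from the SQL text.

    The driver binds them as data, so input can never alter the query's
    structure, with or without a WAF in front of the application.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    conn = make_db()
    # The classic tautology test case used when checking for SQL injection.
    probe = "' OR '1'='1"
    print("vulnerable routine matched:", login_vulnerable(conn, "anyone", probe))
    print("fixed routine matched:     ", login_fixed(conn, "anyone", probe))
```

Running it shows the concatenating routine matching every user for a probe input while the parameterised routine matches none, which is why the code fix, not the WAF, is the remediation.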

Further, during the review of the operating system supporting the application, several traces of compromised / backdoor files were identified as still present. These had not been purged as part of the cleansing process carried out by our client's team.

Defendza's understanding was validated by the client, who confirmed that the steps taken had been a quick-fix approach to the website. They decided to revamp the entire solution, including the supporting infrastructure.

From a long-term perspective, this customer followed good security practice by building the server from scratch in line with the secure hardening guidelines provided by Defendza. These configuration and OS settings were set in line with standard security practices. Developers benefited from Defendza's debriefing session to adopt secure coding practices. These were confirmed as well implemented during the retest.


Lessons Learned

  • Maintain customer image & brand reputation
  • Maintain trust amongst your partners and supply chain
  • Demonstrate improved security awareness amongst senior management
  • Reveal existing vulnerabilities
  • Validate cyber defence capabilities
  • Remediation plan including detailed mitigation measures