Celebrity chef Jamie Oliver’s website has been declared “safe to use” after hackers compromised it and used it to serve up malware that could take control of visitors' computers.
The latest incident involving a high-profile website highlighted the dangers to websites and prompted calls for more automatic threat detection and prevention by internet service providers.
JamieOliver.com – which sees an average of 10 million visitors a month – was compromised through a plugin used on the site or stolen credentials for the site, according to The Guardian.
The compromise was spotted by security firm Malwarebytes, which alerted the site’s operators, who have since removed the malicious files.
The attackers embedded a malicious website in JamieOliver.com that exploited security vulnerabilities in Java, Adobe Flash and Microsoft’s Silverlight to install malware on visitors’ computers.
The malware was then able to download and install more malware that enabled the attackers to take control of victims’ computers for criminal activities such as stealing data and sending spam.
It is not known how many visitors the site infected with malware, but Jamie Oliver’s management team said in a statement that no-one has reported any serious issues.
“The Jamie Oliver website is regularly checked for vulnerabilities by both our in-house team and an independent third party and they quickly deal with anything that is found,” the statement said.
“The team is confident that no data has been compromised in this incident but if anyone is worried, do please use the contact form on the site.”
Malwarebytes has confirmed that the site is now clean and praised the administrators of the site for their quick response.
“However anyone who has browsed Jamie Oliver’s site should perform a security scan to ensure their computers were not infected,” the company said in a blog post.
Independent security consultant Graham Cluley said in a blog post that it was important that those responsible for the site do not stop at cleaning up the infection, but also discover the underlying problem to ensure hackers do not compromise the site again.
According to Fox-IT security researcher Maarten van Dantzig, the infection had been present on Jamie Oliver's website since early December.
“The advice, as always, is to be on your guard and harden your defences. Ensure all of your computers are always running an up-to-date antivirus program, and that you are not using a Windows account with admin privileges. Keep the likes of Adobe Flash and Java updated with the latest security patches, as online criminals love to exploit widely used programs like these,” said Cluley.
Cyber risk proof 'in the pudding'
Laurie Mercer, solutions architect at security firm Veracode, said that, when websites such as Jamie Oliver’s are compromised, both consumers and website owners are at risk.
“Users risk having their computers infected with malware and their money and identity stolen, whilst Jamie Oliver Group risks losing customers’ trust,” he said.
“Even after the incident is addressed users will think twice before browsing that site over one of its competitors. Websites are the modern-day store front, so it is vital they are secure and protect their customers.”
Mercer said all website owners should continually check for security vulnerabilities. “If anyone doubted that all businesses and customer-facing websites are at risk of being targeted by cyber criminals, this latest incident provides a telling example that the proof is indeed in the pudding,” he said.
Steven Harrison, lead technologist at IT service firm Exponential-e, said the incident demonstrated that system administrators and network operators cannot rely on users to maintain their own security.
“Modern malware is cloaked in a veil of legitimacy with users unknowingly granting hackers permission with every click and action. As a result, more needs to be done to counter today’s threats in an active, yet automatic way,” he said.
Users must be on guard all the time
Harrison said the use of a well-known site to push malware to users is a perfect example of the financial motives behind acts of cyber crime.
“Up-to-date antivirus and the latest patches belie the real seriousness of modern malware that often cannot be stopped by signature-based security alone. Instead, our entire approach to security in IT needs to evolve to one where we identify the good things and then fight back against everything else,” he said.
David Emm, principal security researcher at Kaspersky Lab, said the incident also highlights the need for website users to protect themselves.
“To the untrained eye, it can be nearly impossible to tell what’s legitimate and what’s not, no matter how aware people think they are,” he said.
“This incident highlights the need for everyone to install comprehensive internet security software that will protect them wherever they go on the internet. Even legitimate and trusted web sites, such as this one, can be compromised if attackers find a way to implant their code and redirect people to an infected website.”