
NHS websites defaced by Tunisian Islamist hacktivists

Another series of pro-Islamic State hacktivist attacks on NHS websites has underlined the need to harden websites and keep software up to date as attackers exploit a vulnerability in WordPress.

Tunisian Islamist hacktivists have reportedly hijacked and defaced multiple NHS websites with graphic images from the war in Syria in a series of cyber attacks.

The hacktivist group, calling itself the Tunisian Fallaga Team, has previously targeted six NHS websites in retaliation for the West’s aggression in the Middle East, according to The Independent.

In addition to graphic war images, the hijacked websites displayed the message: “Stop killing people in Syria” with the hashtags #Op_Russia and #Save_Aleppo.

Two of the targeted websites were reportedly severely damaged, and patient data is believed to have been vulnerable in the cyber attack, but initial investigations indicate that no patient data was compromised. There is also no suggestion patient safety was put at risk.

News of the attacks aimed at the NHS websites comes a month after the Tunisian Fallaga Team hijacked and defaced political party and educational websites in Australia as well as sites in Russia, Italy and Pakistan with messages calling for a halt to the killing of civilians in Syria.

The group, which has links to Islamic State, has also targeted French, Tunisian and Israeli websites in similar attacks in recent months.

The attack in Australia on the Labor Party website of Victoria’s treasurer Tim Pallas came just a day after UK prime minister Theresa May was urged to take stronger action against the threat of foreign powers influencing UK elections through hacking.

UK democracy under cyber threat

SNP Westminster leader Angus Robertson questioned whether the government was doing enough to protect UK democracy against online threats, following claims that Russia orchestrated an attack against Hillary Clinton and the Democratic Party during the US election.

The prime minister has reportedly said it is up to individual political parties to protect themselves against cyber attacks.

The website hijackings further underline the need for organisations – particularly political parties – to harden their websites against hacktivist attacks.

News of the latest series of attacks by the Tunisian Fallaga Team coincides with reports that more than 100,000 webpages may have been defaced by attackers exploiting a recently patched critical vulnerability in the popular WordPress platform used for publishing websites and blogs.

WordPress issued version 4.7.2 on 26 January 2017 to fix three security flaws and a previously undisclosed critical vulnerability, which was not made public until a week later.

It delayed the disclosure of the critical vulnerability, which could enable a malicious attacker to modify the content of any post or page on a WordPress site, to give WordPress users time to update to the latest version.

However, researchers at website security firm Sucuri, who discovered the vulnerability, report that within 48 hours, multiple public exploits were being shared and posted online.

“WordPress has an auto-update feature enabled by default, along with an easy one-click manual update process,” wrote Daniel Cid, founder and CTO of Sucuri, in a blog post.

“Despite this, not everyone is aware of this issue or able to update their site. This is leading to a large number of sites being compromised and defaced.”

SEO spam gangs may exploit vulnerability

According to independent security consultant Graham Cluley, it is also likely that SEO (search engine optimisation) spam gangs will be keen to exploit this vulnerability to manipulate Google search results for their own financial benefit.

“If you run a WordPress website, you have to take security seriously. That means, amongst other things, ensuring that you are running the latest version of the software and keeping an eye on the latest security alerts,” he wrote in a blog post.

Cluley said that even if WordPress users are not in a position to roll out WordPress updates automatically for their live website, they should build an infrastructure that allows them to test new versions of WordPress safely. They should also work towards ensuring that their live site is updated quickly.

Failure to do so, he said, means running the risk that attackers might exploit a security hole that should have already been patched.
