The website of celebrity chef Jamie Oliver is probably wishing for a sprinkle more security on his website right now, after being hit a whopping three times in four months by malware attacks. Whilst it’s a worrying situation that security teams need to analyse, the harsh truth is that, the more high profile and successful a site is, the more likely it is to be targeted. Cyber attacks are now a regular and recurring part of owning a site, so it’s important that you know how to protect it, and – crucially – keep it protected.
Security company Malwarebytes found that – for the third time in nearly as many months – the attack on jamieoliver.com was redirecting users to malicious software. A spokesperson has said that they’re “trying to find the issue”, which – if nothing else – highlights the importance of staying one step ahead with regular penetration testing.
Malwarebytes said to the BBC that “The problem is that often people will get rid of the obvious signs (the symptoms)… but not what caused it in the first place.”
A spokesperson for the website has said: “We’ve implemented daily… malware detection scans, also an industry leading web application firewall to protect against all common security attacks… which has been blocking numerous hacking attempts”.
Web application firewalls (WAFs) protect data and applications as attackers try to exploit weaknesses in your code. They do this by checking every http request coming your way and – using predefined rules – block suspicious activity.
They’re specifically for your site (as opposed to a regular firewall which might sit in front of your entire solution), and protect from web attacks like SQL injection and cross site scripting (XSS). However, it’s also important to have other types of defence, and other types of firewalls to ensure every port is protected.
The site also said: “We’re working with a number of security companies to find the issue once and for all. We’re also running daily manual checks which have detected and cleaned a number of threats although it’s important to note that we have had no reports from any users that have been put at risk.”
Keeping your own security software up to date is vital too, as – if you visit a compromised site without security on your own device – the attack would scan your files in the background and nick your passwords. Our security arm Secarma says that the only way to ensure you’re safe though is to stay away from compromised sites. They also suggest implementing an early warning system by using a log monitoring / threat detection service.
In this instance, the price of Jamie’s fame is attackers trying to get to his fans’ data through his site. Malware developers use high profile sites to exploit people with vulnerable software to expand their botnets and steal data from you so help yourself out and update your OS, browser and plugins.
They’re still trying to figure out how exactly the attackers got in this time, but in the meantime it’s important to learn from the situation and ensure that you’re beating the buggers to it by protecting yourself!
To find out more about WAFs and the other security solutions UKFast offers, take a look at our website or give us a call on 0208 045 4945.