Cyber security experts from the national computer emergency response team, CERT Australia, have called on Australian companies to apply regular security software updates to protect their websites from defacement and subsequent damage to business and reputation.
The CERT is part of the Federal Attorney-General’s Department and the Government’s contact for cyber security issues affecting major Australian businesses.
It advised that in the 30 days to 18 January, approximately 608 Australian websites were identified and reported as being defaced, many because owners and operators had not applied security updates to their website platforms.
Attackers can exploit vulnerabilities in web platforms to change the physical appearance of a website and use it to distribute malicious software, according to the CERT.
“This software can capture sensitive data to steal money or undertake identity theft, or download ransomware to the computer, mobile phone or tablet of people who visit the site,” it said.
Popular website platforms that are targeted include content management systems such as WordPress, Joomla and Drupal, it advised.
“The developers of these systems regularly issue security updates to address vulnerabilities and keep their users safe. To minimise the risk of defacements, website owners and operators should apply regular updates to all supporting software.”
Where possible, CERT Australia said it notified website owners and operators when their sites had been defaced and provides a series of recommendations to help secure the sites.
In addition to securing your website, the Department of Communications advises businesses talk to their developer and internet service provider and back up their website among their tips for keeping your website safe.
Sign up to Technology Review’s weekly e-newsletter for news and analysis, as well as coverage of the latest products, resources and events. You can also follow Technology Review on Twitter. Send your company news, tip-offs and news on tech resources, products and events to firstname.lastname@example.org.