Over the weekend, the story of the hack on CyberServe's servers made headlines. The Black Shadow hacker group, which also hacked into the Shirbit insurance company, broke into CyberServe's servers and shut down dozens of websites that were hosted there. In addition, the hackers managed to access various databases stored on the servers and leaked parts of them. Among the websites affected were Dan, Kavim, the Mor Institute, Atraf, the Pegasus tourism company, and others. The National Cyber Directorate stated in a press release that it had previously warned CyberServe that the company was vulnerable to attacks and needed to improve the security of its servers.
As of this writing, the websites are still down. Apparently, these are websites based on a closed-source system. This means that even if customers had backups of the websites (which they probably did not), they cannot do much with them. Websites built with closed code do not allow for easy transfer from one storage server to another, so CyberServe's customers are 100% dependent on the solutions that the company itself is supposed to provide them during this crisis.
At this stage, we can only speculate as to how the storage servers were hacked. There are several possible explanations. One is that the company did not enforce strong passwords for server access. Weak and short passwords allow hackers to perform a brute-force attack, in which they try a large number of passwords in a short period of time. If the passwords are not strong enough, it is possible to enter the server and gain full access to the websites stored on it.
Another possibility is that the operating system on the servers was out of date: website hosting companies do not always update the server's operating system versions. Old operating systems expose servers and websites to hacking.
In addition, CyberServe may not have had an important component in server security: an intrusion prevention system. An IPS (Intrusion Prevention System) monitors the network and systems and checks for intrusion attempts and suspicious activity on the server. Alerts are sent to the server administrator. Some systems are even capable of automatically responding to intrusion attempts.
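To make the brute-force and intrusion-detection points above concrete, here is an added example (not code from this article or from any of the companies mentioned) of the core check such a system runs: count failed logins per source address in a sliding time window, raise an alert, and mark the source for blocking. It assumes password logins over SSH and a simplified log format; the log lines, addresses, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (simplified sshd format, documentation IP ranges).
SAMPLE_LOG = """\
2021-01-01T02:10:00 sshd[811]: Failed password for root from 203.0.113.7 port 40100 ssh2
2021-01-01T02:14:01 sshd[812]: Failed password for root from 203.0.113.7 port 40101 ssh2
2021-01-01T02:14:02 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40102 ssh2
2021-01-01T02:14:03 sshd[814]: Failed password for root from 203.0.113.7 port 40103 ssh2
2021-01-01T02:14:04 sshd[815]: Failed password for root from 203.0.113.7 port 40104 ssh2
2021-01-01T02:14:05 sshd[816]: Failed password for root from 203.0.113.7 port 40105 ssh2
2021-01-01T02:14:09 sshd[817]: Accepted password for root from 203.0.113.7 port 40106 ssh2
2021-01-01T09:00:00 sshd[900]: Failed password for dana from 198.51.100.20 port 51000 ssh2
2021-01-01T09:00:20 sshd[901]: Accepted password for dana from 198.51.100.20 port 51001 ssh2
"""

LOGIN = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for "
                   r"(?:invalid user )?(\S+) from (\S+) port \d+")

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (alerts, blocked). Detection only reports the alerts;
    a prevention system would also firewall every address in `blocked`."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    blocked, alerts = set(), []
    for line in log_text.splitlines():
        m = LOGIN.match(line)
        if not m:
            continue
        ts, outcome, user, ip = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
        if outcome == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in blocked:
                blocked.add(ip)
                alerts.append(("BRUTE_FORCE", ip, user))
        elif ip in blocked:
            # A success from a flagged source suggests a guessed password.
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, user))
    return alerts, blocked

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG)[0]:
        print(alert)
```

A single mistyped password followed by a successful login (the `dana` lines) raises no alert, and the isolated failure at 02:10 falls outside the window and is not counted toward the threshold.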
Worst of all, it is currently unclear whether there were backups of customer data on an external server. It can be assumed that there were backups on the hacked server, but since the hackers took complete control of CyberServe's server, it is likely that these backups are now inaccessible. If the company had a backup on an external server, it would have been possible to change the DNS for the websites and simply re-upload them.
Obviously, no website hosting company is 100% immune to hacking, but the risks can be minimized by creating multiple layers of security, as we do at Linux Hosting. We also provide external backup services on a separate server, so that a website can be restored even in the event of complete deletion. For more information about secure, high-quality web hosting, take a look at our hosting packages (we also provide hosting via a virtual server).