When we first received a message from the Institute of Contemporary Medicine reporting that their site had been hacked, we immediately visited the site to check its status and found that the adversary had defaced it and was redirecting ICM users to "not very pleasant" sites. We took a few screenshots of how the site looked at the time.
After signing the customary contract with ICM, AGF Security engineers ran a full assessment of the damage the site had taken after being compromised and badly defaced. This is what they found:
| Damage | Status |
|---|---|
| Website defacement | ✓ |
| Code injections | ✓ |
| Viral infection | ✓ |
| Database injections | ✓ |
| Virtual passwords stolen (WP users) | ✓ |
| Virtual passwords stolen (database user) | ✓ |
| Virtual passwords stolen (FTP user) | ? (potentially) |
| Virtual passwords stolen (web server user) | ? (unlikely) |
Project Description: The Institute of Contemporary Medicine is a Seattle-based medical business with 15+ employees and thousands of patients every year. When they first contacted us, they reported having a security issue. We recovered their website from a severe hack that had planted fraudulent links, viruses and hidden SEO content.
Technical Specifications: AGF helped ICM recover content, files and their database, performed automated searches for encrypted (obfuscated) malicious code, cleaned their website scripts, restored all non-functioning parts and secured potential attack vectors. We then helped them reset their MySQL server, implemented database access-denial measures, and developed tailored defensive measures at the Apache web server level.
After completing the website recovery, AGF monitored the website using log analysis with SCALP (an Apache access-log analyzer) and transitioned to maintaining the site. We also helped them tweak their CSS, PHP and JS.
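The "automated searches for encrypted malicious code" step above is the kind of sweep a recovery engineer runs over a compromised WordPress tree. The following is an added example, not AGF's tooling and not code from the original page: it scans a web root for the usual markers of injected, obfuscated code (a decoder wrapped in `eval()`, `preg_replace()` with the `/e` modifier, very long base64 blobs, zero-size iframes, a variable function called on a superglobal). The signature set, the sample files and the temporary web root are all assumptions constructed for the demonstration.

```python
"""Scan a web root for markers of injected, obfuscated PHP/JS code.

Added example (not AGF's own tooling). The patterns are common markers of
code injected into compromised WordPress installs. Every hit is a lead for
a human to verify, not proof of compromise on its own.
"""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Signatures of injected/obfuscated code (assumed set; extend as needed)
SUSPICIOUS = {
    "eval_of_decoder": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(", re.I),
    "preg_replace_e": re.compile(r"""preg_replace\s*\(\s*(['"])[^'"]*/\w*e\w*\1""", re.I),
    "long_base64_blob": re.compile(r"""['"][A-Za-z0-9+/]{200,}={0,2}['"]"""),
    "hidden_iframe": re.compile(r"""<iframe[^>]+(width|height)\s*=\s*['"]?0""", re.I),
    "superglobal_call": re.compile(r"\$[A-Za-z_]\w*\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b"),
}


def scan_source(source: str) -> list[str]:
    """Return the names of every signature that matches the given source text."""
    return [name for name, rx in SUSPICIOUS.items() if rx.search(source)]


def scan_tree(root: Path, exts=(".php", ".js", ".html")) -> dict[str, list[str]]:
    """Walk a web root and map each flagged file (path relative to root) to its hits."""
    findings: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in exts:
            hits = scan_source(path.read_text(errors="replace"))
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings


# Constructed sample files: a clean theme file, a footer with an injected
# eval(base64_decode(...)) payload, and a page carrying a zero-size iframe.
CLEAN_SAMPLE = "<?php\nfunction icm_hours() { return get_option('icm_hours'); }\n"
INJECTED_SAMPLE = "<?php\n/* theme footer */\neval(base64_decode('" + "aWYoaXNzZXQo" * 20 + "'));\n"
IFRAME_SAMPLE = (
    '<html><body><iframe src="http://example.invalid/x" width="0" height="0">'
    "</iframe></body></html>\n"
)


def demo_scan() -> dict[str, list[str]]:
    """Write the constructed samples into a temporary web root and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content/themes/icm").mkdir(parents=True)
        (root / "wp-content/themes/icm/functions.php").write_text(CLEAN_SAMPLE)
        (root / "wp-content/themes/icm/footer.php").write_text(INJECTED_SAMPLE)
        (root / "index.html").write_text(IFRAME_SAMPLE)
        return scan_tree(root)


if __name__ == "__main__":
    for rel_path, hits in demo_scan().items():
        print(f"{rel_path}: {', '.join(hits)}")
```

Run it against a copy of the site, never the live tree, and diff flagged files against the pristine WordPress, theme and plugin distributions before deleting anything: legitimate plugins do occasionally embed long base64 image data, so the long-blob rule in particular needs a human eye.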
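Scalp works by applying the PHPIDS filter set to Apache access logs and reporting which requests match which attack category. The block below is an added example, not Scalp itself and not AGF's configuration: it parses combined-format log lines, percent-decodes the request path, matches it against a small assumed rule set, and tallies flagged requests per source address. The sample log lines use RFC 5737 documentation addresses and are constructed for the demonstration.

```python
"""Scalp-style Apache access-log triage (added example, not Scalp's code).

Scalp's real rules come from PHPIDS default_filter.xml; the RULES below are a
deliberately small assumed set that shows the mechanism.
"""
from __future__ import annotations

import re
from collections import Counter
from urllib.parse import unquote

# Apache "combined" format: ip ident user [time] "METHOD path PROTO" status size "ref" "ua"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed detection rules keyed by attack category
RULES = {
    "sqli": re.compile(
        r"\bunion\b.{0,40}\bselect\b|\bselect\b.{0,40}\bfrom\b|\bor\b\s+\d+\s*=\s*\d+", re.I),
    "xss": re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I),
    "lfi": re.compile(r"\.\./|/etc/passwd|/proc/self", re.I),
    "rfi": re.compile(r"=\s*(https?|ftp)://", re.I),
}


def parse_line(line: str) -> dict[str, str] | None:
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def classify(path: str) -> list[str]:
    """Percent-decode the request path and return every rule name it matches."""
    decoded = unquote(path)
    return [name for name, rx in RULES.items() if rx.search(decoded)]


def analyze(lines) -> list[dict]:
    """Return one finding per request that matched at least one rule."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or truncated line; skip rather than crash the run
        cats = classify(rec["path"])
        if cats:
            findings.append({"ip": rec["ip"], "time": rec["time"],
                             "path": unquote(rec["path"]), "categories": cats})
    return findings


def per_source(findings) -> Counter:
    """Count flagged requests per client address to surface the noisiest sources."""
    return Counter(f["ip"] for f in findings)


# Constructed sample log (RFC 5737 documentation addresses, not real clients)
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2012:13:55:36 -0700] "GET /index.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2012:13:55:40 -0700] "GET /index.php?id=1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2012:13:55:41 -0700] "GET /wp-content/themes/icm/page.php?file=../../../../etc/passwd HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.22 - - [10/Oct/2012:13:56:02 -0700] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2012:13:57:10 -0700] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
garbage line that does not parse
"""

if __name__ == "__main__":
    hits = analyze(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f'{h["ip"]} {",".join(h["categories"])} {h["path"]}')
    print("per source:", dict(per_source(hits)))
```

Decoding the path before matching matters: the SQL injection attempt in the sample is percent-encoded in the raw log and would slip past a rule run on the undecoded line. Matching only the request path also means POST bodies are invisible to this kind of analysis, which is one reason the recovery above paired log review with server-side hardening rather than relying on log analysis alone.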
Project Technologies: FTP, MySQL, Shell, PHP, CSS, JS, Scalp, Apache.
Development Comments: The Institute of Contemporary Medicine was receiving thousands of hacking attacks every month. During the two years we worked together, AGF recovered their website and developed a security strategy that effectively protected their online presence. We also tweaked the website continually to meet their usability needs, helped them post new content and managed their SEO.
After completing the hack recovery project, ICM was so happy with the results that it entered into a long-term contract with AGF to keep the site software up to date, help with publishing and editing new content, and even carry out a total revamp of their site, which included developing a private e-commerce solution for them to sell their medicines online!