Is Your Website Using the Revolution Slider – What Have We Learned from the Recent Panamanian Mossack Fonseca Breach?
Mossack Fonseca & Co. is a Panamanian law firm and corporate service provider. The company presently has numerous offices worldwide. The company defends the legality of the work it does to help people set up offshore financial holdings. For the record, the world is generally under the impression that offshore bank accounts are for the wealthy, super spies of the world, and for criminal types who want to evade paying taxes. Many of the people who invest in offshore accounts simply want to take advantage of investment opportunities not available in their own country. Another goal is to safeguard their savings by tucking them away in another country.
These would all seem like viable explanations, but if a person worries about protecting personal assets in their own country, shouldn’t the same amount of concern be applied to stashing assets away in a foreign country? Whatever your secret thoughts, it’s not illegal to invest in offshore banking. No doubt, it’s a conversation for another day and a reason that people choose to invest in offshore accounts. What we can all agree on is the need for world-class safety protocols to be in place where sensitive data is concerned.
Mossack Fonseca finds itself at the controversial center of the world’s biggest data leak in history. Hackers stole more than 11.5 million documents that link a number of the world’s top leaders with tax evasion. The information compromised in the hack is infamously known as the “Panama Papers.” Before any criminal charges are ever levied, a thorough investigation of the leaked information has to take place. As a result, 12 heads, or former heads, of state are currently suspected of high-level money laundering, financial fraud, and other forms of corruption. At least 60 other people are under scrutiny, and that net may widen as additional information becomes available.
Is the WordPress Revolution Slider the Cause of Breach?
It’s safe to say that you can trust the journalistic and research skills of Forbes and those who write for the publication. However, you have to be careful in how you interpret these things. One has to completely verify any information. As such, Forbes discovered that Mossack Fonseca was running a three-month-old version of WordPress for its main website. WordPress was known at the time to contain a number of vulnerabilities.
To make matters worse, the firm’s portal that customers used to access sensitive data was likely being run on an outdated version of Drupal, 7.23. This version had at least 25 vulnerabilities that hackers could have taken advantage of to upload code and steal data. As early as 2014, Drupal warned its users that any software below 7.32 was in danger of being hacked within seven hours of the software’s release.
How the Hack Occurred
The WordPress site ran a vulnerable version of Revolution Slider. The company’s email servers and WordPress servers were on the same network. So far, it seems that email was, by far, the largest chunk of data stolen in the breach. Apparently, it was easy to hack into the MF WordPress site as a result of the Revolution Slider version used. Gaining access to a WordPress website allows any hacker to view the contents of its wp-config.php file, which stores the WordPress database credentials in clear text. This information makes it easy to gain access to the database. The only reason MF’s database wasn’t hacked sooner is that no one chose to hack it.
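A defender-side check for the two weaknesses described above, as an added example that is not part of the original article: it inventories plugin versions from their header comments and flags a world-readable wp-config.php. The plugin name `example-slider`, the version numbers and the sample tree are constructed; real minimum versions must come from the vendor's advisory.

```python
import glob
import os
import re
import stat
import tempfile

# WordPress reads plugin metadata from a header comment in the first 8 KB of the file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def vtuple(version):
    """'1.2.0' -> (1, 2): numeric parts, trailing '.0' groups dropped so 1.2 == 1.2.0."""
    return tuple(int(n) for n in re.findall(r"\d+", re.sub(r"(\.0+)+$", "", version.strip())))

def plugin_versions(wp_root):
    """Map plugin directory name -> version string taken from its header comment."""
    found = {}
    for path in sorted(glob.glob(os.path.join(wp_root, "wp-content", "plugins", "*", "*.php"))):
        with open(path, errors="replace") as fh:
            fields = {k.lower(): v for k, v in HEADER.findall(fh.read(8192))}
        if "plugin name" in fields and "version" in fields:
            found.setdefault(os.path.basename(os.path.dirname(path)), fields["version"])
    return found

def audit(wp_root, minimum):
    """Findings for a WordPress root; `minimum` maps plugin dir -> lowest acceptable version."""
    findings = []
    for slug, version in plugin_versions(wp_root).items():
        if slug in minimum and vtuple(version) < vtuple(minimum[slug]):
            findings.append(f"{slug} {version} is older than {minimum[slug]}")
    config = os.path.join(wp_root, "wp-config.php")
    # The file holds the database password in clear text, so no other local user should read it.
    if os.path.exists(config) and os.stat(config).st_mode & stat.S_IROTH:
        findings.append("wp-config.php is world-readable")
    return findings

def sample_site(root):
    """Constructed sample tree: plugin 'example-slider' 1.2.0 and a 0644 wp-config.php."""
    plugin = os.path.join(root, "wp-content", "plugins", "example-slider")
    os.makedirs(plugin)
    with open(os.path.join(plugin, "slider.php"), "w") as fh:
        fh.write("<?php\n/*\n * Plugin Name: Example Slider\n * Version: 1.2.0\n */\n")
    config = os.path.join(root, "wp-config.php")
    with open(config, "w") as fh:
        fh.write("<?php define('DB_PASSWORD', 'constructed-placeholder');\n")
    os.chmod(config, 0o644)
    return root

if __name__ == "__main__":
    print(audit(sample_site(tempfile.mkdtemp()), {"example-slider": "1.3.0"}))
```

Against a real installation, call `audit()` with the site's root directory and a dictionary of minimum versions you maintain.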
What Have We Learned?
The “hacking” world lives and breathes to exploit software weaknesses. The revelation that wealthy politicians, individuals, and celebrities use offshore vehicles to hide wealth to avoid paying taxes is nothing new or stunning. Many well-known and major companies have been hacked. It’s no longer a question if the hack will occur—but when. While it seems that no major laws have been broken for the most part, there’s a growing distrust of opaque offshore jurisdictions that may force companies to closely examine their own corporate structures. It’s up to their compliance departments to make it known that even the slightest association with offshore jurisdictions like the British Virgin Islands and Panama will raise eyebrows.
There’s going to be a lot of talk in the days, weeks, months, and years to come about boosting data security. Companies may have to, depending on the nature of their business, retain deep files on every customer, along with detailed records of employee conversations. Simply deleting data has never been a viable security option. In today’s world, there are always new-style attacks and enterprises. Old-style networks and defenses simply will not work.
Mistakes Companies Make Concerning Data Security
- Failure to truly understand potential threats against data, supplies, and employees.
- Failure to enact a cutting-edge security plan.
- Failure to regard data as a problem that can affect the business, rather than shoveling it off as simply an IT concern.
- A callous reliance on weak anti-virus and cyber products that are believed to be effective.
- Failure to effectively classify trade secrets and sensitive data.
- Failure to stay abreast of ongoing intelligence and technology.
Whether your company is large or small, the IT security companies that you partner with can make all the difference in the world. While companies do invest millions, even billions, of dollars on technology, many fail to invest in the human factor, which can be the weakest link in cyber security. Companies have a duty to make their employees aware of security precautions. It all underscores the need to keep your WordPress plugins up-to-date.