Check .lt domain

NCSC tool for the inspection of the website security

The National Cyber Security Centre at the Ministry of National Defence (NCSC) cautions that with the growing number of the registered .lt domains in Lithuania (which has already exceeded 200 000), the number of the websites with security bugs and vulnerabilities is increasing.

The cyber security specialists notice the following reasons for insecure websites: the poor maintenance or the absence of maintenance (forgotten websites), the content management systems lacking updates, the remaining public access to the administration panel, the passwords that need to be updated, etc. It increases the threats to the visitors of the Lithuanian domain websites as their equipment can become the target of the malevolent acts. Most often, malicious software code is inserted in the website; according to its specifics, this code performs certain harmful activities, for example, the equipment gets involved in “botnet” activities, the visitors are being redirected to the false websites that try to collect their personal data or credit card data.

Tool for checking of the website security

During the last year’s scanning of the websites, 56 400 out of 118 000 top level .lt domain websites with content management systems were identified; 62% of them use the content management software which is not updated making them insecure in terms of disclosed vulnerabilities. Moreover, 37% of all the websites had open access to the website’s control panel. Therefore, malevolent people can try to hack the websites using the automatic generation of login names and passwords. Unfortunately, it has to be stated that malevolent people use these security bugs for their online activities, i.e., the websites become the target of cyberattacks.

Most often, the websites are attacked using automated tools. The hackers create malicious networks of the occupied computers that are scanning the websites accessible online and searching for their vulnerabilities – the components of the content management systems that are not updated – and using them to force a way inside. Malicious code finds the bugs and takes over the website’s control, inserts in the website’s existing files, creates the new ones and uses various tools hindering its detection. The infection can install the backdoor used to maintain control over the website in case its owner manages to remove a part of the damaged files or fix the existing bugs.

“Have you ever won a telephone while browsing online?” Such a notification about the alleged winning of a smart device is common in the occupied Lithuanian websites. Do not be surprised to see such a notification on the website you have known for a while – the unmaintained websites can become the victims of malevolent codes and start redirecting their visitors towards a harmful content which tries to collect the users’ data, gain financial benefit and infect their computers with viruses.

To ensure the security of the Lithuanian cyber space and the internet users, the National Cyber Security Centre conducts automatic inspections of all the Lithuanian websites in a special virtual environment – Sandbox – which identifies the threat level of the website using a set of special rules. When a potentially violated website is identified, the NCSC considers it a cyber incident and manages it as such by communicating with the website’s owner and otherwise making efforts to remove malicious code from the website. All the active .lt websites are periodically inspected; 600 000 inspections have already been conducted this year. The NCSC has registered 300 cyber incidents of this nature when activities of malicious codes are identified on the websites.

Since quite a large number of the Lithuanian .lt domain websites is being scanned, this technological process takes some time; therefore, independent work of security specialists who search for vulnerable websites and notify their owners about their security issues is a significant contribution to cyber security. There is an obvious trend of the increasing number of civic-minded people and socially-responsible companies, and the information about the identified vulnerable or violated websites reaches us more and more often. The currently discussed amendment of the Law on Cyber Security will legitimise the processes of the search for vulnerabilities and their responsible disclosure.

The National Cyber Security Centre prepared the recommendations for the implementation of cyber security instruments on the websites and their servers; they should be applied by the website owners to increase the resilience of the systems to cyber threats.

The cyber space is rapidly changing and unstable; therefore, the websites have to be regularly checked for newly occurring vulnerabilities. The website owners can inspect the vulnerability of their websites themselves, using the website security audit tool of the NSCS. It is a free tool for the inspection of possible security bugs on the website. It will provide the report on the situation using the OWASP (Open Web Application Security Project) methodology and specify the identified vulnerabilities. The website owners can use this information to rectify the identified deficiencies and improve the security status of their managed resources.

A website’s security can be checked here: https://site-check.cert.lt

More advice on the protection of the website is available here: https://www.nksc.lt

Prepared according to the information of the NSCS.
Published 2020-10-08