Wordfence Launches Cyber Attack Activity Report

No matter whether you run a personal blog or a professional website, you will find yourself at some stage, the victim of a cyber attack. These cyber attacks, often referred to incorrectly in the mainstream media as “hacking” can take a variety of forms including:
  • DDOS – distributed denial of service attacks engage networks of computers to bombard your server with requests
  • Brute force attacks – where the attacker attempts to guess your login details usually using an automated system that can send hundreds if not thousands of requests very quickly
  • Malware / spyware – where a piece of malicious code is inserted into your system which allows another person (or a program) to take over your computer
  • Ransomware – where a small program activates on your computer, encrypting all your data requiring the payment of ransom before you are sent a key to unlock your own machine.

Despite the relative openness and transparency on the web, few people or firms openly talk about cyber attack. This means it is difficult to gauge just how widespread these cyber attacks actually are and whether we should be personally or professionally concerned about this phenomenon.
Now, each month, creator of the WordPress firewall plugin, WordFence, have begun producing a regular report on cyber attacks. This report collates attack information based on the plugin’s install base (WordPress powered websites and blogs all around the world). And while this is just a subset of websites and platforms that live on the internet, it provides a great insight into cyber attacks, including:

  • The IP address from which the attack originated
  • Country of origination
  • Number of attacks launched
  • Types of attacks.
This first report reveals that 13 out of the top 25 IP addresses originate in the Ukraine. France comes in second with 7. As the report explains:
Most of these originate from Iliad Enterprises. Iliad is a large organization with many subsidiaries and over 4000 employees. They tried to buy T-Mobile in the USA 2 years ago. The netblock for these IPs is registered to Iliad, but the attacks may originate from one of many subsidiaries of Iliad, like the ISP ‘Free’ in France.
So, how many attacks are we seeing? The report states that there were:
  • 63 million complex attacks – attempts to exploit weaknesses in your website code, plugins or database
  • 67 million brute force attacks – attempts to guess your passwords and user IDs.
What can you do about your WordPress / web security?
One of the biggest holes in your website / WordPress security will be patches. Make sure you are:
  • Regularly patching your site – updating it with the latest changes
  • Regularly updating your plugins – turn off the plugins and functionality that you don’t use, and update the ones you do.
There are also some basic security approaches that you should implement, including:
  • Complex user passwords – require that your users all have complex passwords that consist of upper and lower case characters, numbers and symbols and have a substantial length (more than 8 characters)
  • Put in place a mechanism that blocks users after a small number of unsuccessful login attempts
  • Add a web firewall to monitor and protect your code from unauthorised updates.
Why should you care?
Even if you are running a small business, cyber security is an issue for you and your brand. Sites that are affected by malware, for example, will find themselves blacklisted by Google. That means that every time someone searches for your business or tries to visit your webpage, Google will step in and ask you whether you want to proceed to an “insecure” website. And then, of course, there are other issues – from loss of files, customer data and more.
Quite simply, these days, brands simply cannot afford to be lax. The good thing is, that there are a growing number of integrated solutions and plugins for most platforms. Take the time to secure your site and hopefully you won’t have to make the time to clean up a problem down the track.

Sleeping Giants Take on Fake News and Brands – Is Your Brand Ready?

We have all heard about the vast network of fake news sites that spread disinformation during the recent US Presidential Campaign. These sites use the same clickbait strategies that propelled sites like Upworthy to the top of the digital media scrapheap – inflammatory headlines, sensationalist stories and catchy hooks that tempt you to click just once more.
What Upworthy’s content strategy revealed was a unique combination of skilled teams, data and insights would help the organisation create content that was “viral ready”. As Joseph Lichterman explained in this Nieman Lab article:

Using the user data it’s collected, Upworthy found that elements like humor and a story structure that built in suspense would draw in readers and keep them on the page and better engaged.

This meant that even to tell a story with real information and verifiable facts, the goal for Upworthy was to grab and own the attention of readers as a priority, delivering news and information as a lower priority. As Amy O’Leary, Upworthy’s Editorial Director explained, “If I were to tell you, ‘Hey, I’ve got a 5,000-word piece on fast-food workers’ wages,’ very few people would be excited about that”. Instead the story would focus on building rapport with the audience, engaging through an imaginative framework of shared experience and emotionally engaging writing and opening up into the ethical challenges that come with enjoying something you eat while knowing the background and facts of its production. As O’Leary suggests, “I think we’re reaching deeper into people, because the approach is one of openness and not judgment”.

It’s worth reading more of the article to learn how Upworthy used data to drive its curation process – but what is fascinating (and concerning) is the way that this model has been co-opted by the fake news movement. By ignoring facts as the basis of news, these fake news sites have effectively defined a whole new genre of content catering to our own sense of digital isolation and disconnectedness. If we have learned anything from the last decade in this Age of Conversation, it is that when we (as consumers) come face-to-face with the vast anonymity of the internet, we rapidly seek our tribe – and we do so through the media at our fingertips – visuals, text, keywords. We seek the connection via keyword and conversation – and naturally enough find ourselves in an echo chamber.

Those of us who work with digital technology and audience strategy have – to be honest – been taking advantage of this approach for years. I often say that both love and hate Facebook and its targeting for I know how useful and powerful it is as a marketer, but equally how invasive and manipulative it is as a consumer. So much so that I consciously manage my engagement and sharing on Facebook and limit what I click on etc. But I also know that even my limited engagement there – and on every other digital channel – leaves enough breadcrumbs to be valuable to the brands and businesses seeking my attention. These days my choice to click comes down to context and location.

Because I know that every click rewards not only the brand but the advertiser too.

With the massive rise in programmatic advertising over the last two or three years, most advertisers and planners are unlikely to even know where their branded advertising will appear. It could appear on alt-right websites (the term used to mask white supremicist oriented websites), pornographic websites or even across the dark web. The powerful retargeting tools now in the hands of marketers and their trained algorithms means that ads that you first see on a mainstream website will follow you wherever you may go online. And while the web has some amazing resources, it also has some deep and nasty crevices.

So what do you do when your brand starts advertising in this murky digital world?
Imagine, for example, that you visited a fake news site with outrageous headlines and you did so out of curiosity. What kind of advertiser, you wonder, would support a platform that knowingly creates fake news and information that demonises your own audiences (the people who are your customers and supporters). This NY Times article explains such a situation:

One day in late November, an earth and environmental science professor named Nathan Phillips visited Breitbart News for the first time. Mr. Phillips had heard about the hateful headlines on the site — like “Birth Control Makes Women Unattractive and Crazy” — and wondered what kind of companies would support such messages with their ad dollars. When he clicked on the site, he was shocked to discover ads for universities, including one for the graduate school where he’d received his own degree — Duke University’s Nicholas School of the Environment. “That was a punch in the stomach,” he said.

Rather than to let this slide, the professor sent a tweet to his Duke questioning its affiliation with a “sexist and racist” site. Eventually this was sorted, as the NY Times revealed.
But in the background, a movement known as “Sleeping Giants” was arising to combat this kind of fake news. This shared Twitter account and network of followers are using a similar approach – naming and shaming the brands that support these fake news networks. The Sleeping Giants publish a list of brands who have discontinued their support for fake news sites – starting with the Breitbart network. But we can expect more of this kind of activity in the coming months and years. The question for brands in all this – do you know where and who your ad dollars go to? And how will you respond when you find your brand in places you don’t expect or want?