TDIC Site Upgrade Plan

Overview of the Situation:

On 9/8/2020, there were multiple attacks perpetrated on tdicinsurance.com, taking the site down at least twice in a 24-hour period. 

IT partnered with 10 Lb to investigate the root cause, and logs point to outdated/unsupported DNN module vulnerabilities as the entry point. It appears the site was hacked but there was no data dump.

The most immediate concern at this point is malware and user vulnerabilities. But the larger concern is how to address the vulnerabilities to prevent this from happening again.

Assessment from 10 Lb:

TDIC is running on DNN version 07.04.02, which was released in October 2015. The last supported version of DNN is from 2016.

DNN version 07.04.02 is one that has many security vulnerabilities; according to 10 Lb, the version is “right in the middle of the worst” of a number of consecutive DNN versions with major security vulnerabilities. The top priority is upgrading the site to the most recent version of DNN (09.06.01).

The PackFlash module is a known major security risk. 10 Lb recently helped another organization in a similar situation to migrate content from PackFlash into a stable and secure module that works on current versions of DNN, and that is the other main priority. For reference: http://www.packflash.com/. PackFlash is currently used for TDIC’s menu, several list modules, and publications like Liability Lifeline and RM Matters.

There is no way to ensure tdicinsurance.com is secure without completely eliminating the PackFlash module and any PackFlash add-on modules.

Solution/Approach:

  1. Set up a clean instance of TDIC from the oldest backup, with no content (conventional wisdom would indicate the breach actually occurred prior to 9/8/2020, and the hackers waited a certain period of time to exploit it)

  2. Remove any problematic modules; upgrade those that can be upgraded

  3. Export PackFlash content into Easy DNN News or another secure module

  4. Upgrade DNN

  5. When the site is upgraded/stable, import the content and assets

Next Steps, 10 Lb:

Today (9/9):

Mark is contacting Geoff to get the oldest backup possible of the site and will create a new instance on his local machine.

Chris will identify and create a list of all modules used on the TDIC site. In particular, Chris will be identifying the use of the PackFlash modules (TDIC uses multiple types of PackFlash modules). Because 10 Lb recently worked through this issue with another client, they already have scripts written to help facilitate this process.

This week and weekend:

Mark and Chris will work through the audit of the modules to recommend which ones should be phased out or upgraded, which will give them a good idea of how long it will ultimately take to upgrade the site. Due to the severity of the situation, they will be prioritizing this work and will work through the weekend so they can get us an estimate and timeline of next steps by Monday (or early next week, depending on the audit). They will keep us updated about their findings.

Next Steps, CDA:

Geoff:

  • Provide backup/support to Mark as requested

  • Assist 10 Lb with getting access to the DNN store or provide them with licenses to modules that can be upgraded

Alexis/Kristine:

  • Compile a list for 10 Lb of content/sections on the TDIC website that are a top priority (i.e., there are legal or other reasons that these sections should be handled first).

  • Compile a list of sections that are of lower priority so that 10 Lb can be sure they are focusing their efforts on the top priority items first

  • Work with TDIC stakeholders to put together an emergency communication and backup plan in the event that the website does go down. We don’t expect this to happen, but we should be prepared in the event that it does.

IT/all:

  • We will meet as a group with 10 Lb early next week to discuss the findings of their audit, timing, and next steps.

Risks:

We will be discussing steps to take to secure the site during Presents this week, but we do not know for certain that we can prevent this from happening.
