Fool Me Once, Shame On You. Fool Me Three Times…

Fool me once, shame on you.

Fool me twice, shame on me.

But what if you fool me three times?

That, perhaps, is not a question Jamie Oliver is contemplating following the news that his website has been compromised for the third time in as many months.

Much like the previous two attacks (one came in February, the other in March), the celebrity chef’s WordPress site (we did warn you about the dangers that can befall an insecure installation of that particular CMS) has once again been hit with a password stealer.

Malwarebytes explains how visitors to any page of the site are being redirected to the Fiesta exploit kit.

Fortunately the good folks at Malwarebytes have done the responsible thing and informed Jamie Oliver’s team, presumably in advance of publishing their post, and report how the website admins have acknowledged the issue and are working to resolve the issue, hopefully for good.

The question, however, is why the problem was reoccurring in the first place.

While it would be tempting to say that such a site should never get hacked in the first place, that would be a rather simplistic, not to mention flippant, remark considering the determination of attackers and the myriad ways they have of gaining entry to a system.

As anyone in security should tell you, the point of having defences in place is to lessen risk, not remove it completely, so in some respects I can accept that a site, any site, can be compromised once.

But three times?

Well, there are reasons why a site could be repeatedly compromised.

As Daniel Cid recently wrote, there are four main reasons why web sites find themselves repeatedly attacked:

Sucuri blog

So that could certainly explain why Oliver’s site is continuing to experience issues though I wonder if it should?

If a small, rarely updated personal blog run by a hobbyist with little traffic was repeatedly attacked it would be unfortunate of course but, perhaps, not entirely unexpected due to the likely lack of security expertise possessed by the owner.

But Jamie Oliver’s site?

We know Oliver has a team – it proffered the following quote to the BBC:

We’ve implemented daily.. malware detection scans, also an industry leading web application firewall to protect against all common security attacks.. which has been blocking numerous hacking attempts.

We’re working with a number of security companies to find the issue once and for all. We’re also running daily manual checks which have detected and cleaned a number of threats although it’s important to note that we have had no reports from any users that have been put at risk.

But said team hasn’t, until now at least, been on the ball it appears and – according to Graham Cluley – said BBC report was the only place the chef’s mainstream fans would have likely visited that carried news of the malware attack – Oliver’s site makes no mention of it at all.

So, with a story that says much about WordPress, website security and incident response, the moral, it seems, rests with Malwarebytes which said “the best way web users could protect themselves from becoming a victim of such attacks was to keep their security software up-to-date”.

Sound advice indeed because you never know what’s going on behind the scenes of your favourite website.

Leave a Reply

Your email address will not be published. Required fields are marked *