Drupal's Recent Twitter Vulnerability Underscores Importance of Continuous Monitoring
Drupal's recent problem with the Twitter module provides a crucial lesson for all of us: a proactive, vigilant approach to security -- i.e. practices such as continuous monitoring, which we'll explore a little in this post -- is becoming a necessity in an online environment saturated with black hat hackers.
The Twitter Module Flaw
In Drupal versions 6.x and 7.x, the Twitter module had some slight security issues, to say the least. It did not check access properly, which meant that any authenticated Twitter user could sneak into your Twitter account, post a tweet, change your account settings, or even delete your account.
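The flaw described above is a missing object-level access check: the module confirmed that somebody was logged in, but not that the logged-in user was allowed to act on the particular account being targeted. The following is an added illustration written for this post, not the Twitter module's own code. It models the weak gate beside a fixed one in plain Python; the account data, user ids and function names are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


class PermissionDenied(Exception):
    """Raised when the current user may not act on the requested account."""


@dataclass
class LinkedAccount:
    account_id: int
    owner_uid: int                  # site user who linked this Twitter account
    screen_name: str
    tweets: List[str] = field(default_factory=list)


def sample_accounts() -> Dict[int, LinkedAccount]:
    # Constructed data: two site users (uid 10 and uid 20), each with one linked account.
    return {
        1: LinkedAccount(1, owner_uid=10, screen_name="alice"),
        2: LinkedAccount(2, owner_uid=20, screen_name="bob"),
    }


def post_tweet_weak(accounts: Dict[int, LinkedAccount], current_uid: Optional[int],
                    account_id: int, text: str) -> LinkedAccount:
    """The flawed pattern: the only gate is 'is somebody logged in?'.
    Any authenticated user can therefore post to any account."""
    if current_uid is None:
        raise PermissionDenied("login required")
    account = accounts[account_id]
    account.tweets.append(text)
    return account


def account_access(current_uid: Optional[int], account: LinkedAccount,
                   is_admin: bool = False) -> bool:
    """Object-level check: the caller must own the account or hold an admin role."""
    if current_uid is None:
        return False
    return is_admin or account.owner_uid == current_uid


def post_tweet_fixed(accounts: Dict[int, LinkedAccount], current_uid: Optional[int],
                     account_id: int, text: str, is_admin: bool = False) -> LinkedAccount:
    """Hardened: authentication AND ownership of the specific account are both required.
    Missing and forbidden accounts are refused identically so the check leaks nothing."""
    account = accounts.get(account_id)
    if account is None or not account_access(current_uid, account, is_admin):
        raise PermissionDenied(f"uid {current_uid} may not act on account {account_id}")
    account.tweets.append(text)
    return account


def demo() -> dict:
    """Exercise both versions with uid 20 (bob) targeting alice's account (id 1)."""
    weak = sample_accounts()
    post_tweet_weak(weak, current_uid=20, account_id=1, text="posted by bob")
    fixed = sample_accounts()
    try:
        post_tweet_fixed(fixed, current_uid=20, account_id=1, text="posted by bob")
        blocked = False
    except PermissionDenied:
        blocked = True
    return {
        "weak_tweets_on_alice": weak[1].tweets,     # the flaw: bob's text lands on alice's account
        "fixed_blocked": blocked,                   # the fix: the same request is refused
        "fixed_tweets_on_alice": fixed[1].tweets,
    }


if __name__ == "__main__":
    print(demo())
```

The detection angle for defenders is the same check turned into a log query: any write to an account whose owner differs from the acting user id, outside an admin role, is the event to alert on.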
Drupal issued a request to users to update their Twitter module to the latest version to fix the security bug.
Continuous Monitoring
The term "continuous monitoring" has become popular, and it means exactly what it sounds like: companies enact policies and procedures that enforce round-the-clock monitoring of their infrastructure. Information-Age.com defines it this way:
The main role of continuous monitoring is to keep your security team constantly aware of newly detected vulnerabilities, weaknesses, missing patches and configuration flaws that appear to be exploitable.
Part of the reason for the urgency is the rise of "zero-day exploits," which are vulnerabilities in software that no one previously knew about and for which a patch does not exist.
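The "missing patches" half of that definition is the part a site owner can automate: keep an inventory of installed Drupal core and contributed module versions, and compare it against published advisories whenever the feed changes. The following is an added example written for this post, not a Drupal or Information Age tool. It parses Drupal's release strings (core releases like `7.32`, contributed releases like `7.x-5.11`) and flags installed components that sit below an advisory's fixed version; SA-CORE-2014-005 and its fixed release 7.32 come from the announcement quoted later in this post, while the `SA-CONTRIB-EXAMPLE-*` advisories and the installed inventory are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Core releases look like '7.32'; contrib releases look like '7.x-5.11'.
VERSION_RE = re.compile(r"^(?:(?P<core>\d+)\.x-)?(?P<major>\d+)\.(?P<minor>\d+)$")


@dataclass(frozen=True)
class Version:
    branch: int        # Drupal core branch the release belongs to (6, 7, ...)
    key: tuple         # (major, minor): comparable only within the same branch


def parse_version(text: str) -> Optional[Version]:
    """Parse a Drupal release string. Development snapshots such as '7.x-5.x-dev'
    carry no comparable release number and yield None, so callers must not
    silently treat them as patched."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor = int(m.group("major")), int(m.group("minor"))
    branch = int(m.group("core")) if m.group("core") else major
    return Version(branch, (major, minor))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    project: str       # machine name of core ('drupal') or the contrib module
    fixed_in: str      # first release that contains the fix


@dataclass(frozen=True)
class Finding:
    project: str
    installed: str
    advisory_id: str
    fixed_in: str
    status: str        # 'vulnerable', 'patched' or 'unknown'


# Constructed advisory feed. SA-CORE-2014-005 / 7.32 is the real advisory quoted in the post;
# the SA-CONTRIB-EXAMPLE-* entries are placeholders invented for this example.
ADVISORIES = [
    Advisory("SA-CORE-2014-005", "drupal", "7.32"),
    Advisory("SA-CONTRIB-EXAMPLE-001", "twitter", "7.x-5.9"),
    Advisory("SA-CONTRIB-EXAMPLE-002", "views", "7.x-3.8"),
    Advisory("SA-CONTRIB-EXAMPLE-003", "twitter", "6.x-5.9"),   # other core branch, must not match
]

# Constructed inventory of one site, as a deploy script or drush output would list it.
INSTALLED = {
    "drupal": "7.31",
    "twitter": "7.x-5.8",
    "views": "7.x-3.x-dev",
    "token": "7.x-1.5",
}


def check_patch_status(installed: Dict[str, str], advisories: List[Advisory]) -> List[Finding]:
    """Match every advisory against the installed inventory and classify it."""
    findings = []
    for adv in advisories:
        if adv.project not in installed:
            continue                                   # component is not deployed here
        current = installed[adv.project]
        cur_v, fix_v = parse_version(current), parse_version(adv.fixed_in)
        if cur_v is None or fix_v is None:
            status = "unknown"                         # dev snapshot or odd string: review by hand
        elif cur_v.branch != fix_v.branch:
            continue                                   # advisory targets a different core branch
        elif cur_v.key < fix_v.key:
            status = "vulnerable"
        else:
            status = "patched"
        findings.append(Finding(adv.project, current, adv.advisory_id, adv.fixed_in, status))
    return findings


def needs_action(findings: List[Finding]) -> List[Finding]:
    """Everything that is not positively patched is an alert, including unknowns."""
    return [f for f in findings if f.status != "patched"]


if __name__ == "__main__":
    for f in needs_action(check_patch_status(INSTALLED, ADVISORIES)):
        print(f"{f.status:10} {f.project:10} installed {f.installed:12} {f.advisory_id} fixed in {f.fixed_in}")
```

Run on a schedule (or on every change to the advisory feed), the output is the "constantly aware" signal the definition asks for; the deliberate choice to report development snapshots as `unknown` rather than `patched` keeps an unverifiable version from hiding a missing fix.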
The Pressure is On: In Competition with Black Hats
As Information Age points out in their article linked above, black hat hackers have developed their own continuous monitoring capabilities. In some cases, they will even patch the vulnerabilities of a website -- without the owner's knowledge -- after they've exploited the weakness.
Why?
Because these cyber gangs, groups of black hats who function like well-coordinated attack squadrons, don't want the competition (other black hat cyber gangs) also exploiting your site's weakness. Black hat hackers will claim your site as their turf and actually use continuous monitoring to protect it against other black hats. (After, of course, they've exploited your site for their own purposes.)
Drupal Security Team Warns About the Speed of Black Hats
Well-organized black hat cyber gangs are so efficient, and in many cases so well-equipped with their own in-house continuous monitoring technology, that they will detect vulnerabilities before anyone else does -- even before Drupal.
This announcement from Drupal, issued after a weakness in Drupal 7 was detected, demonstrates how fast black hats can exploit a vulnerability:
Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.
Continuous Monitoring Isn't Easy, But It's Becoming a Necessity
The question is simple: do you want black hat hackers or your company's IT/Security team to do your continuous monitoring for you? If black hat hackers rely on continuous monitoring to be successful, then companies and website owners must respond in kind and fight fire with fire.
That doesn't mean it's easy, of course. It requires systemic transformation. As quoted by Information Age, Jan Schreuder of PwC sympathized with the challenges that continuous monitoring creates: "...[it] represents a significant change to the way IT departments operate, and to be successful it requires significant commitment through leadership support, enforcement, and system owner responsibility and accountability."
Thankfully, Drupal responds quickly to security crises, but there's only so much it can do. Each user has a responsibility as well, and continuous monitoring has become an unavoidable necessity for security vigilance.
Contact us for more information on how we can help monitor and protect your Drupal website against security vulnerabilities.