APWG Incident Response Plan For Hacked Websites

I discovered today an important resource for all webmasters or site owners who fall prey to a hacking attack initiated by phishing groups.

What to Do If Your Website Has Been Hacked by Phishers is an extensive guide written by APWG experts and contributing researchers from FBI, Microsoft, Google, Universities and Banks.

The guide walks the phishing attack response plan step by step providing valuable tips and suggestions on how to handle a phishing hacking incident responsibly

• Identification
• Reporting (Notification)
• Containment
• Recovery
• Follow-up

On paper, the plan looks good , but I have my doubts that webmasters will keep their cool and not delete the phishing website once they find out about it.

Read the whole guide here (PDF)
 

Thank you for reading this post. You can now Read Comments (3) or Leave A Trackback.  Print This Post

Post Info

This entry was posted on Tuesday, March 3rd, 2009 .

Tagged with: Articles, phishing

You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.

Previous Post: Twitter Weekly Updates for 2009-03-01 »
Next Post: Twitter Weekly Updates for 2009-04-05 »

Read More

Related Reading:

• Starting A Computer Security Incident Response Team ?
• Twitter Weekly Updates for 2009-06-07
• PhishTank vs. Anti-Phishing Working Group
• New WAF tool -REMO- the graphical rule editor for ModSecurity
• Writing Software Security Test Cases

• Back to the Homepage

Latest Posts:

• Animated Presentation on Sony PSN Hack
• ArcSight Tip #1 – arcsight managersetup notification test
• I’m a CISSP
• Operation:Payback or Social Vendetta is Here
• I got owned by Malware Destructor 2011 Virus
• New Downtime Cost Calculator by Storagepipe.com. What if ?
• Securing Your Network from Web Threats
• My Twitter Notes on 2010-07-25
• New NetWitness Visualize : Welcome To The Future!
• My Twitter Notes on 2010-07-18

3 Responses to “APWG Incident Response Plan For Hacked Websites”

• 1
  dblackshell
  March 3rd, 2009 16:17

  Interesting guide, even if useful such scenarios are pretty rare. And I think we’re gradually loosing focus from the phising threat. If we would like to truly diminish it we should focus more on informing the end user about it and how to protect against it, because a large amount (vast majority) of phising attacks are based on social engineering.
• 2
  ZACHARY - Hotéis Em Lisboa
  April 25th, 2009 02:56

  Thanks for this presentation if the guide. I think nowadays a lot of people are worried about wat to do if the Website has been hacked by phishers. I’m worried about phishing attacks too. I would like to truly diminish them
• 3
  Tort King
  June 10th, 2009 21:34

  LOL, NO ONE could hack my site. I do all the security myself. beatthecourt.com

Leave a Reply

Dragos Lungu Dot Com

Security Tools and Tips

• Subscribe
• HOME
• About
• My Services
My Reviews