• Citrix ADC and Citrix Gateway version 13.0
• Citrix ADC and NetScaler Gateway version 12.1
• Citrix ADC and NetScaler Gateway version 12.0
• Citrix ADC and NetScaler Gateway version 11.1
• Citrix NetScaler ADC and NetScaler Gateway version 10.5
• Citrix SD-WAN WANOP software and appliance model 4000
• Citrix SD-WAN WANOP software and appliance model 4100
• Citrix SD-WAN WANOP software and appliance model 5000
• Citrix SD-WAN WANOP software and appliance model 5100

Website defacement is an attack on a website that changes the visual appearance of the site or webpage. It is similar to drawing graffiti, only it happens virtually as a kind of electronic graffiti and is a form of vandalism. These are typically the work of hackers, who break into a web server and replace the content the hosted website with one of their own. Attackers have different motivations when they deface a website. Political motivation is one, which is often used to spread messages by “cyber protesters” or hacktivists. Other attackers may choose to deface a website for fun – to mock site owners by finding website vulnerabilities and exploiting these to deface a website. In both cases, website owners face damages to their business and reputation once their sites are defaced.

Consequences of website defacement vary. Here are some consequences an organization may face after its website has been attacked.

• Potential Data breach: Due to the noticeable nature of web defacement, some hackers use them as a form of diversion. With everyone’s attention focused on the defacement, these hackers can then carry out more sinister activities without getting detected immediately. For instance, they could steal sensitive information, install malware, and perform privilege escalation or carry out other nefarious acts.
• Losing Customers: Visitors may be redirected to sites teeming with malicious code. They might be prompted to download malware onto their system or it downloads itself, undetected. In such cases, your regular and new visitors may be concerned about visiting your page in the future and you can potentially lose customers.
• Impact on PageRank and Traffic: Search engines rank your website according to a number of factors. A higher ranking website comes up first in the results of a search query. If your defaced website is flagged or identified as causing harm to its users, a search engine such as Google might add you to its blacklist. This means that you can lose up to 95% of website traffic that could be gained from Google search results.
• Effect on Brand Image: Internet users worry about safety during their online experiences. If they notice you have failed to establish security measures on your website, they automatically conclude that you are either completely negligent in securing your website or are extremely ignorant about information security challenges and threads. Such conclusions can be devastating for your organization’s image.

1. Security audits and penetration testing: Unpatched systems are a prime target for hackers since they are susceptible to numerous vulnerabilities. Other known vulnerabilities are unused open ports on servers which allow attackers to connect to servers without authentication, allowing remote execution of malicious code when connected to an unsecured networks. Regular security audits are helpful in evaluating the security posture of an IT infrastructure (operating systems, service and application flaws, improper configurations, or risky end-user behaviour) and better protect the systems hosting the website
2. Defend yourself against SQL injection attacks: SQL injection attacks involve the use of SQL statements inserted into data entry fields in order to affect the execution of predefined SQL statements. With the modified SQL statements, attackers have extracted sensitive information, obtained the authentication details of registered users on a website and corrupted databases making websites unusable. To defend against SQL injection, use parameterized statements that make sure that the inputs passed into SQL statements are treated in a safe manner. Escaping inputs from input fields which treats all inputs, especially special characters as part of the string, not the end of the string, also defends against SQL Injection
3. Defend yourself against Cross-site Scripting (XSS) attacks: Cross site scripting is when an attacker tries to pass scripting code into a web form to attempt to run unauthorized code on the website. It tricks an application into sending malicious script through the browser, which believes the scropt is coming from the trusted website. Each time an end user accesses the affected page, their browser will download and run the malicious script as if it was part of the page. To defend against XSS, validate the input which ensures the application renders the correct data and prevents malicious data from doing harm to the site, database and users.
4. Use defacement monitoring and detection tools: The effects of web attacks are leaving companies with a short time to react and perform damage control after an incident. Defacement monitoring and detection tools are one of the best solutions to monitor any defacement or unauthorized integrity change in the websites. These are some of the most used monitoring and detection tools: Banff Cyber’s WebOrion Defacement Monitor, Site24x7 and Nagios. Careful evaluation and configuration of the tools to detect both full and partial defacements involving HTML as well as linked images, scripts and stylesheets are important to ensure an effective tool is in place.
5. Prepare to respond to defacement incidents: What do we do when our website is defaced? A good detection tool only tells you when your website is defaced but not the action that is to be taken. It is therefore important to put in place a set of incident response procedures, and ensure that you have the right personnel to respond to a web defacement. The technical response team will likely involve the security manager, web masters/web developers and the web server team. It may also be important to have corporate communications prepare a public message to preserve the web reputation of the company and also have a maintenance webpage to inform customers. Make an action plan for handling the restoration process that will shorten the time for recovery.

Here are general minimal tips and advice from CERT-GH as precaution steps:

1. Do not click on any email attachment or links provided in emails, social media platforms or websites that you are not familiar with.
2. Apply security updates and patches and stay up to date with the latest system versions.
3. Report the incident to CERT-Gh on report@cybersecurity.gov.gh
4. Share the advisory and precaution steps among users in your organization and communities for awareness purposes.

Best Advice:

Website defacement can result in damage to a site’s reputation, loss of valuable information and user privacy, loss of money and loss of time. It is therefore expedient to put mitigation and prevention techniques in place. To conclude, keep these tips:

1. Keep software up to date
2. Watch out for SQL injection
3. Protect against XSS attacks
4. Beware of error messages
5. Validate on both the browser and the server side
6. Check your passwords
7. Avoid file uploads by users
8. User HTTPS
9. Get website security tools

Scammers use familiar company names or pretend to be someone you know. They ask you to click on a link or give passwords or bank account numbers. If you click on the link, they can install programs that lock you out of your computer and can steal your personal information. They pressure you to act now – or something bad will happen.

Check it out.
Look up the website or phone number for the company or person who’s contacting you. Call that company or person directly. Use a number you know to be correct, not the number in the email or text. Tell them about the message you got

Look for scam tip-offs.

• You don’t have an account with the company.
• The message is missing your name or uses bad grammar and spelling.
• The person asks for personal information, including passwords.
• But note: some phishing schemes are sophisticated and look very real, so check it out and protect yourself.
• Just place your cursor on the link you have been asked to click to verify the web address.

Keep your computer security up to date by installing an antivirus, update it regularly and back up your data often.
Consider multi-factor authentication – a second step to verify who you are, like a text with a code – for accounts that support it.
Change any compromised passwords right away and don’t use them for any other accounts.

• RDP devices are exposed to the internet
• RDP ports and services are being used as the initial attack vector in ransomware attacks
• Brute-force attacks have been increasing
• After successfully gaining credentials, attackers get full access to the corporate IT resources
• Leakage of sensitive information
• Spread of malware infection

• Out of the blue, you receive an email, text, or social media message that includes Zoom’s logo and a message saying something like, ‘Your Zoom account has been suspended. Click here to reactivate.’ or ‘You missed a meeting, click here to see the details and reschedule’
• You might even receive a message welcoming you to the platform and requesting you click on a link to activate your account
• Double check the sender’s information. Zoom.com and Zoom.us are the only official domains for Zoom. If an email comes from a similar looking domain that doesn’t quite match the official domain name, it’s probably a scam.
• Never click on links in unsolicited emails. Phishing scams always involve getting an unsuspecting individual to click on a link or file sent in an email that will download dangerous malware onto their computer. If you get an unsolicited email and you aren’t sure who it really came from, never click on any links, files, or images it may contain
• Resolve issues directly. If you receive an email stating there is a problem with your account and you aren’t sure if it is legitimate, contact the company directly. Go to the official website by typing the name in your browser and find the ‘Contact Support’ feature to get help.”
• Emails with subject line “Zoom Account” in the subject line and includes a welcome message for new users. Users are persuaded into clicking on a link to activate their Zoom account by entering their login credentials on a fake website controlled by cyber criminals
• Emails with subject line “Missed Zoom Meeting” informing users of missing a meeting. The message includes a link “Check your missed conference”, which take users to fake websites where user credentials are needed to login
• Emails with subject line “Meeting Canceled – Could we do a Zoom call”, target manufacturing, energy, IT, construction, marketing, technology, and other industrial firms with malware, not phishing. Cyber Attackers try to gain access to computer files, personal information such as usernames and passwords, and credit card details
• Emails that provoke a sense of urgency and panic, hence encouraging recipients to click on malicious links.
• Pay close attention to the spelling of an email or web page, if there are inconsistencies users should be cautious

1. Take caution when opening unrecognize emails. Especial emails from unknown people must be verified by doing background checks to know if the account holder is someone you know. Please do not reply or forward emails from unknown people.
2. Refrain from downloading files or clicking links in an email from unknown senders and any correspondence that you were not expecting. Always check the sender’s details and the embedded URL by hovering (do not click) your mouse over the sender’s email address and any links included.
3. Use strong and unique passwords for every account. Never use the same password twice. Using a password manager that can auto-generate a robust password is recommended
4. Ensure that all programs and operating system (OS) installed on your device are updated with the latest security patches.
5. The only official domains for the Zoom platform are zoom.us or zoom.com and look out for spoofed domains that sounds like the real domain when you read it, such as zooom.us.
6. The use of multi-factor authentication helps secure your account.
7. Users can reach out directly to zoom on their official websites, if worried that their accounts have issues.
8. Establish the meetings validity. By personally communicating with the sender and asking if the invitation is valid or not.

• Microsoft SharePoint Foundation 2013 Service Pack
• Microsoft SharePoint Enterprise Server 2016.
• Microsoft SharePoint Server 2019

• Protect your devices and networks by keeping them up to date: use the latest supported versions, apply security updates promptly, use antivirus and scan regularly to guard against known malware threats.
• Prevent and detect lateral movement in your organisation’s networks
• Set up a security monitoring capability so you are collecting the data that will be needed to analyse network intrusions.
• Review and refresh your incident management processes.

• Multi-factor authentication (MFA), simultaneously using multiple pieces of information to verify your identity, is becoming more common. (MFA is sometimes referred to as two-factor authentication.) Even if an attacker obtains your password, they may not be able to access your account if it is protected by MFA. The theory behind this approach is like requiring two or more forms of identification or two keys to open a safe deposit box. You should turn on MFA where it is available. Authentication categories include something you know, something you have, and something you are.
• Something you know – This includes passwords or pre-established answers to questions.
• Something you have – This could be a small physical token such as a smart card, a special key fob, or USB drive. You might use this token in conjunction with a password to log into an account. However, software-based tokens are also common. These software-based tokens can generate a single-use login personal identification number (PIN). Other variations include SMS messages, phone calls, or emails sent to the user with a verification PIN. These token PINs can often be used only once and are voided immediately after use. So, even if an attacker intercepts the exchange, the attacker will not be able to use the information again to access your account
• Something you are – Biometric identification can include scanning of eyes (retinas or irises) or fingerprints, other facial recognition, voice recognition, or authentication through signatures or keystroke movements. A common example of biometric identification is the fingerprint scanner used to sign in users on many modern smartphones
• Another form of verification is the use of personal web certificates. Unlike certificates used to identify web sites, personal web certificates are used to identify individual users. A website using personal web certificates relies on these certificates and the authentication process of the corresponding public/private keys to verify that you are who you claim to be. Because information identifying you is embedded within the certificate, an additional password is unnecessary. However, you should have a password to protect your private key so that attackers cannot gain access to your key and represent themselves as you. This process is like MFA, but it differs—the password protecting your private key is used to decrypt the information on your computer and is never sent over the network.

• "Salt and hash" passwords. Salting is the addition of unique, random characters to the password before it is hashed. The salt value should be no less than 32 bits in length. Hashing is the process of scrambling a password using a set algorithm.
• Use strong authentication recovery mechanisms. Weak authentication recovery mechanisms can be misused to allow an attacker to gain unauthorized access to an affected system. Strong mechanisms prevent unauthorized access to an account or to reset the user's password.
• Implement an account lockout policy. Account lockout should initiate after a pre-defined number of failed attempts.
• Set accounts to automatically disable. Accounts should be disabled after being inactive for a pre-defined amount of time

• Suspicious sender’s address. The sender's address may imitate a legitimate business. Cybercriminals often use an email address that closely resembles one from a reputable company by altering or omitting a few characters.
• Generic greetings and signature. Both a generic greeting—such as “Dear Valued Customer” or “Sir/Ma’am”—and a lack of contact information in the signature block are strong indicators of a phishing email. A trusted organization will normally address you by name and provide their contact information
• Spoofed hyperlinks and websites. If you hover your cursor over any links in the body of the email, and the links do not match the text that appears when hovering over them, the link may be spoofed. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Additionally, cybercriminals may use a URL shortening service to hide the true destination of the link.
• Spelling and layout. Poor grammar and sentence structure, misspellings, and inconsistent formatting are other indicators of a possible phishing attempt. Reputable institutions have dedicated personnel that produce, verify, and proofread customer correspondence
• Suspicious attachments. An unsolicited email requesting a user download and open an attachment is a common delivery mechanism for malware. A cybercriminal may use a false sense of urgency or importance to help persuade a user to download or open an attachment without examining it first.

• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email
• Do not send sensitive information over the internet before checking a website's security
• Pay attention to the Uniform Resource Locator (URL) of a website. Look for URLs that begin with "https"—an indication that sites are secure—rather than "http.”
• Look for a closed padlock icon—a sign your information will be encrypted
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.
• Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
• Take advantage of any anti-phishing features offered by your email client and web browser
• Enforce multi-factor authentication (MFA).

• If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity
• If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account
• Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.

• Hardware: servers, PCs, laptops, tablets, and smartphones
• Off-the-shelf packaged software.
• Cloud services: including Software as a Service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS).

• Some applications are harmless, others include functionality such as file sharing and storage, or collaboration, which can present higher risks of data loss or leaks to an organization and its sensitive data.

• OAuth-enabled applications communicate cloud to cloud, and they are a blind spot for many organizations.

• The RSA study also reports that 63% of employees send work documents to their personal email to work from home, exposing data to networks that cannot be monitored by IT department. Shadow IT can also waste money if different departments are unknowingly purchasing duplicate solutions.

• Wasted investment. Shadow IT applications sometimes prevent full Return on Investment (ROI) from investments in systems that are designed to perform the functions now replaced by Shadow IT.

• Shadow IT creates a dysfunctional environment leading to animosity between IT and non-IT related groups within an organization

• Shadow IT increases the likelihood of uncontrolled data flows, making it more difficult to comply with compliance-centric initiatives.

• Shadow IT extends beyond work applications to employees’ personal devices such as smart phones or laptops (Bring Your Own Device (BYOD)). This puts IT department in the uncomfortable position of saying no to employees using cloud apps to do their jobs, going as far as to block access to a cloud app using the company’s firewall or web proxy. However, for every app that is blocked, there is evidence employees are finding other, lesser known and potentially riskier services.

• Continuously monitor the network for applications and systems.
• Conduct an audit, and ask your employees to come forward, promising that they will not face consequences for using shadow IT applications.
• Create a system for ranking and prioritizing risk. Not all applications outside of IT control are equally threatening.
Develop a list of devices approved for Bring Your Own Device (BYOD) use, and make sure employees know that “jailbroken” devices are prohibited.
• Develop an internal app store for all applications that have been evaluated and approved for use within the corporate infrastructure.
• Block applications that are deemed dangerous and require users to seek approval before downloading.
• Employees should be given a choice on what devices and applications they can use, it improves productivity, drives innovation and increases morale.

• A lot of companies have a bring-your-own-device policy, and that can really be an IT administrator’s nightmare, especially if you're bringing different mobile devices like cell phones and iPads onto a network that’s also operating with a bunch of different manufacturers’ equipment using different security settings. It is important to pay attention to access permissions so that, once a device is on the network, you can control what that device has access to
• You can secure cellular connectivity by setting up private VPNs and networks with your provider so that your operations are not accessible via the public network. And also create your own private tunnel within the network.
• Keep security software up to date. Having the latest mobile device security software, web browser, and operating system are the best defence against viruses, malware and other online threats. Security protections of mobile devices are built in and updated on a regular basis. Make sure all your mobile devices are running on the latest protections. This may require consistent and regular updates.
• Never click on links in unsolicited emails. Phishing scams always involve getting an unsuspecting individual to click on a link or file sent in an email that will download dangerous malware onto their computer. If you get an unsolicited email and you aren’t sure who it really came from, never click on any links, files, or images it may contain
• Review the privacy policy of software on your mobile devices and understand what data eg., location, social networks, media files, etc. the app can access on your device before you download.
• Only give your mobile device out to people you trust and never give anyone your password to get access to your device. But create guest accounts, as to restrict and give guest users needed permissions.
• If you are online through an unsecured or unprotected network, be cautious about the sites you visit and the information you consume or release
• Get savvy about Wi-Fi hotspots. Limit the type of business you conduct over any unsecure public network and adjust the security settings on your device to limit who can access your mobile device data over the public network.
• Stay informed and current with the latest updates of software on your mobile device. Keep pace with new updates and check trusted websites for the latest update
• Encrypt Your Data. Your mobile device holds a lot of data. If it is lost or stolen, your emails, contacts, financial information and more can be at risk. To protect your device data, you can make sure the data is encrypted. Encrypted data is stored in an unreadable form so it cannot be understood. Most mobile devices have encryption settings you can enable in the security settings.
• Install Anti-Virus Software. These programs can protect against viruses and hacking attempts
• When you are downloading software, be sure to download them from the official software websites and check reviews. Cybercriminals create rogue software that mimic trusted brands in order to obtain users’ confidential information. To avoid this trap, be sure to look at the number of reviews, last update and contact information of the organization.

1. Never leave your mobile device anywhere unattended to or out of your contact
2. Mobile devices must never be left on a vehicle’s seat or behind the driver’s seat or passenger’s seat or under any of the vehicle’s seat whilst you are driving, keep it in the boot. If you drive a pickup, keep it in the space behind the back seat.
3. Mobile devices must not be left unattended in a vehicle whilst you are out of/away from the vehicle.
4. Mobile devices must not be left unattended in the office overnight unless it is secured with a Kensington lock or locked away in a drawer.
5. When travelling by air or public transport, carry your mobile device with you everywhere as a carry-on.
6. Use a bag that is inconspicuous. Avoid flashy, branded or expensive bags that scream, “Laptop Inside!” or “I have a tablet or phone on me!”.
7. Do not use your mobile device near an exit (makes for a quick grab and run).

• Be careful about releasing your email address. Think twice before you respond to any request for your email address, on the web, verbally, or on paper. Spammers can harvest any email address posted on a website. If you give your email address to a company, that information is often entered into a database so that customer information and preferences can be tracked. If these email databases are sold to or shared with other companies, you can receive email that you did not request.
• Check privacy policies. Before submitting your email address online, look for a privacy policy. Most reputable sites will have a link to their privacy policy from any form where you are asked to submit personal data. You should read this policy before submitting your email address or any other personal information so that you know what the owners of the site plan to do with the information.
• Be aware of options selected by default. When you sign up for some online accounts or services, there may be a section that provides you with the option to receive email about other products and services. Sometimes there are options selected by default, so if you do not deselect them, you could begin to receive email from those lists as well.
• Use filters or spam tagging. Many email programs offer filtering capabilities that allow you to block certain addresses or to allow only email from addresses on your contact list. Many internet service providers (ISPs) also offer spam tagging services that allow the user the option to review suspected spam messages before they are deleted. Spam tagging can be useful in conjunction with filtering capabilities provided by many email programs.
• Report messages as spam. Most email clients offer an option to report a message as spam or junk. If your email client has that option, take advantage of it. Reporting messages as spam or junk helps to train the mail filter so that the messages are not delivered to your inbox. However, check your junk or spam folders occasionally to look for legitimate messages that were incorrectly classified as spam.
• Do not follow links in spam messages. Some spam relies on generators that try variations of email addresses at certain domains. If you click a link within an email message or reply to a certain address, you are just confirming that your email address is valid. Unwanted messages that offer an “unsubscribe” option are particularly tempting, but this is often just a method for collecting valid addresses that are then targeted for other spam.
• Disable the automatic downloading of graphics in HTML mail. Many spammers send HTML mail with a linked graphic file that is then used to track who opens the mail message. When your mail client downloads the graphic from their web server, the spammers know you have opened the message. Disabling HTML mail entirely and viewing messages in plain text also prevents this problem.
• Consider opening an additional email account. Many domains offer free email accounts. If you frequently submit your email address (for online shopping, signing up for services, or including it on something like a comment card), you may want to have a secondary email account to protect your primary email account from any spam that could be generated. You could also use this secondary account when posting to public mailing lists, social networking sites, blogs, and web forums. If the account starts to fill up with spam, you can get rid of it and open a different one.
• Use privacy settings on social networking sites. Social networking sites typically allow you to choose who has access to see your email address. Consider hiding your email account or changing the settings so that only a small group of people that you trust can see your address. Know that when you use applications on these sites, you may be granting permission for them to access your personal information. So, be cautious about which applications you choose to use.
• Do not spam other people. Be a responsible and considerate user. Some people consider email forwards a type of spam, so be selective with the messages you redistribute. Do not forward every message to everyone in your address book, and if recipients ask that you not forward messages to them, respect their requests.

1. They post contents of the official they are impersonating like pictures, campaign videos, twites, etc.)
2. There is always a sense of urgency. E.g., “Deadline for payment is today, failure to do so and your name will be taken out of the employment list.”
3. They promise to help their victims get employment.
4. They refer victims to call their referees to help them secure the job.
5. A said amount is coated to be paid, to aid in the purchasing of forms or processing of forms.

• More Security Vulnerabilities – By using end-of-support software and hardware, you are putting your organization at a higher risk for exploitation by malicious hackers.
• Technology Incompatibility – Holding onto end-of-support technology forces you to hold onto legacy software. The newest, more secure applications and software are not optimized for end-of-support.
• Higher Cost – If you are holding out on switching to a new operating system or away from legacy software because of operating costs, you have a wrong mindset.
• Poor Performance and Availability – Is critical application downtime worth the cost of a software or hardware upgrade.
• Non-Compliance Issues – Using end-of-support or end-of-life products could endanger the data you are responsible for. How will an auditor or regulator view that lack of effort?

• Upgrade the operating system/software
• Migrate to the cloud
• Re-platform the application

Organizations must follow a standard methodology for evaluating workloads on a case-by-case basis to determine the most appropriate migration path to meet the business needs for that application. A one-size-fits-all approach will likely result in some type of problem or missed opportunity—for example, spending time and resources trying to force an application down a path it was never meant to go, or alternately making a quick decision because “it would work” but missing out on a much more cost effective or efficient solution.

• Assess your current state: It is critical to get an accurate picture of the current state of your environment. Update your documentation, perform a fresh inventory, and map out system dependencies before starting research on potential upgrade paths
• Research your options: Do not necessarily take the first option that comes along. In many cases, there will be more than one way to approach any given workload. Compare various models and strategies and begin to group applications together either by dependency or by platform type
• Plan your strategy: Take your research and put specific details in place for each group of workloads. Build a matrix for upgrades, cloud migrations, and re-platforming opportunities. Create a plan to include inter-operability requirements and rollback plans in case any migrations run into issues prior to the deadlinen
• Implement the plan: Ensure that you have clearly defined success criteria for each workload. Perform proof-of-concept tests and validate prior to migrating production workloads
• Avoid the next cliff: Implement a software lifecycle management strategy. Work toward a more iterative update and upgrade methodology. Consider the advantages of planned 12-, 24-, and 36-month software upgrade cycles