These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project.
Entry Title: WHID 2011-89: China Implicated In Hacking Of SMB Online Bank Accounts
WHID ID: 2011-89
Date Occurred: April 26, 2011
Attack Method: Banking Trojan
Application Weakness: Insufficient Authentication
Outcome: Monetary Loss
Attacked Entity Field: Finance
Attacked Entity Geography:
Incident Description: This time it wasn't an "advanced persistent threat" that China was associated with: a fraud alert issued by the FBI today implicates China in a cybercrime operation that bilked U.S.-based small- to midsize businesses of $11 million over the past year.
Mass Attack: Yes
Number of Sites Affected: 20
Reference: http://www.informationweek.com/news/security/vulnerabilities/229402300
Attack Source Geography: China
Additional Link: http://www.ic3.gov/media/2011/ChinaWireTransferFraudAlert.pdf
Entry Title: WHID 2011-88: Yahoo! PH Purple Hunt 2.0 Ad Compromised
WHID ID: 2011-88
Date Occurred: April 24, 2011
Attack Method: Malvertising
Application Weakness: Improper Output Handling
Outcome: Planting of Malware
Attacked Entity Field: Search Engine
Attacked Entity Geography: USA
Incident Description: Earlier the other day, I was browsing through the Yahoo! PH site and the Yahoo! Purple Hunt 2.0 ad caught my attention. Curious, I clicked the ad and found my browser downloading a suspicious file named com.com.
Mass Attack: No
Reference: http://blog.trendmicro.com/yahoo-ph-purple-hunt-2-0-ad-compromised/
Attack Source Geography:
Planting malware links on legitimate websites is a huge problem. This is especially challenging for sites that use banner ad or affiliate networks, since they lose some control over the integrity of the content that will be presented within the context of their site. Organizations should implement some form of analysis of outbound data to ensure that they are not including malicious links in the content sent to their users. SpiderLabs Research has discussed how ModSecurity can use its new Google Safe Browsing API support to both identify and clean malware links within response pages.
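The following is an added example, not ModSecurity's code or the Google Safe Browsing API itself, of the outbound check described above: the HTML response is scanned for `href`/`src` links, each link's host is compared against a malware blocklist, and any hit is neutralised before the page reaches the user. The blocklist, the sample response and the hostname `cdn.malware.example.net` are constructed for illustration; a real deployment would replace the local set with a Safe Browsing lookup (in ModSecurity terms, the `@gsbLookup` operator backed by a downloaded GSB database).

```python
"""Outbound response scanning for malware links (added example, not ModSecurity code).

The blocklist below is a constructed stand-in for a Google Safe Browsing
lookup; swap it for a real GSB query in production.
"""
import re
from urllib.parse import urlsplit

# Constructed blocklist of known-bad hosts (stands in for the Safe Browsing data).
BLOCKLIST = {"malware.example.net", "evil-cdn.example.org"}

# Constructed HTML that an ad network might inject into a legitimate page.
SAMPLE_RESPONSE = (
    '<p>Welcome</p>'
    '<a href="http://good.example.com/">ok</a>'
    '<img src="http://cdn.malware.example.net/com.com">'
    "<a href='/local/page'>internal</a>"
    '<script src="//evil-cdn.example.org/loader.js"></script>'
)

# href= / src= attribute values in single or double quotes.
_LINK_RE = re.compile(
    r'''(?P<attr>\b(?:href|src)\s*=\s*)(?P<q>["'])(?P<url>[^"']*)(?P=q)''',
    re.IGNORECASE,
)


def host_of(url: str) -> str:
    """Lower-cased hostname of url, or '' for relative URLs without a host."""
    host = urlsplit(url).hostname  # also handles scheme-relative //host/path
    return host.lower() if host else ""


def is_blocked(host: str) -> bool:
    """True if the host or any of its parent domains is on the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))


def scan_and_clean(body: str, placeholder: str = "#") -> tuple[str, list[str]]:
    """Return (cleaned_body, flagged_urls).

    Every link or resource whose host is blocked is rewritten to `placeholder`
    so the browser never fetches it; the original URLs are returned for logging.
    """
    flagged: list[str] = []

    def repl(m: re.Match) -> str:
        url = m.group("url")
        if is_blocked(host_of(url)):
            flagged.append(url)
            return f'{m.group("attr")}{m.group("q")}{placeholder}{m.group("q")}'
        return m.group(0)

    return _LINK_RE.sub(repl, body), flagged


if __name__ == "__main__":
    cleaned, hits = scan_and_clean(SAMPLE_RESPONSE)
    for url in hits:
        print("blocked outbound link:", url)
    print(cleaned)
```

Matching on the host (and its parent domains) rather than the exact URL is deliberate: malvertising payloads rotate file names such as the `com.com` download mentioned above, while the serving domain changes far less often. Relative links carry no host and are left untouched.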
Entry Title: WHID 2011-87: PSN Admin Dev Accounts Got Hacked
WHID ID: 2011-87
Date Occurred: April 24, 2011
Attack Method: Brute Force
Application Weakness: Insufficient Anti-automation
Outcome: Account Takeover
Attacked Entity Field: Entertainment
Attacked Entity Geography:
Incident Description: Sony's PlayStation Network has been down since Wednesday and stayed kaput throughout the weekend. Sony has admitted that the outage was due to their network being hacked but has not given any further details. But now, a source closely connected with Sony Computer Entertainment Europe (SCEE) reports that the attack is much deeper than admitted by Sony. The source claims that the PSN sustained a LOIC attack (which created a denial-of-service attack) that damaged the server. Plus, it received concentrated attacks on the servers holding account information and breached the Admin Dev accounts.
Mass Attack: No
Reference: http://www.slashgear.com/psn-admin-dev-accounts-got-hacked-source-claims-service-to-return-by-tuesday-24148081/
Attack Source Geography:
This entry made it into WHID because of its outcome: leakage of personal information. There is still much speculation as to the exact attack vectors used. The safe bet is that multiple vulnerabilities were exploited to dig deeper and deeper into the PSN developer network. The entry is labelled Brute Force solely because the news report stated that developer accounts were compromised.
Entry Title: WHID 2011-86: Cybercrime Extracts $399,000 from Florida Dentist's Account
WHID ID: 2011-86
Date Occurred: April 25, 2011
Attack Method: Banking Trojan
Application Weakness: Insufficient Authentication
Outcome: Monetary Loss
Attacked Entity Field: Online Trading
Attacked Entity Geography:
Incident Description: "Before the cybercriminals launched their TDoS attack, they found a way to obtain Dr. Thousand's Ameritrade account information and password. Victims in these cases are often targeted through phishing attempts or by clicking an innocuous-looking email link that downloads malware to their system. In this manner, criminals are able to capture account details, passwords and other personal information. Once they have access to an account, they can then change the contact numbers and impersonate the victim when communicating with the bank or broker."
Mass Attack: No
Reference: http://www.prweb.com/releases/2011/4/prweb8338409.htm
Attack Source Geography: USA
Another Banking Trojan incident. This time, however, the web application that was exploited was not a bank but an online trading site (TD Ameritrade). The victim's computer was infected with malware, which was then used to conduct fraudulent trades. The interesting twist in this attack is that TD Ameritrade had a mechanism in place to validate suspicious trades: it would phone the customer to confirm them. So what did the attackers do? They ran a denial-of-service attack against the victim's telephone (a TDoS). The fatal flaw in the trading site's mechanism was that it was a "fail open" policy: if the customer could not be reached, the transactions were allowed.
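The following is an added example, not TD Ameritrade's code, modelling the confirmation control described above. `fail_open` reproduces the flaw in the entry (an unreachable customer is treated as consent, which is exactly what a telephony DoS produces); `fail_closed` holds the trade instead, and additionally refuses to trust a confirmation obtained through a contact number changed within a cooldown window, since the quoted description notes that the criminals change the contact numbers before impersonating the victim. The `CallResult`/`Decision` names, the seven-day cooldown and the sample accounts are assumptions for illustration.

```python
"""Out-of-band trade confirmation: fail-open versus fail-closed (added example).

Models the phone-confirmation control discussed above. Enum names, the
cooldown window and the sample accounts are assumptions, not a real broker's API.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Callable


class CallResult(Enum):
    CONFIRMED = "confirmed"
    DENIED = "denied"
    UNREACHABLE = "unreachable"  # busy, no answer, timeout: what a TDoS produces


class Decision(Enum):
    EXECUTE = "execute"
    REJECT = "reject"
    HOLD = "hold"  # park the trade for review over a second channel


@dataclass
class Account:
    phone_changed_at: datetime  # when the customer's contact number was last updated


# Assumed policy constant: a number changed more recently than this is not trusted.
CONTACT_CHANGE_COOLDOWN = timedelta(days=7)

# Constructed sample data (the incident date is used as "now").
SAMPLE_NOW = datetime(2011, 4, 25)
LONGSTANDING_NUMBER = Account(phone_changed_at=SAMPLE_NOW - timedelta(days=90))
RECENTLY_CHANGED_NUMBER = Account(phone_changed_at=SAMPLE_NOW - timedelta(days=1))


def call_with_retries(dial: Callable[[], CallResult], attempts: int = 3) -> CallResult:
    """Retry the confirmation call. A line kept busy by a TDoS returns
    UNREACHABLE on every attempt; the policy must not mistake that for consent."""
    for _ in range(attempts):
        result = dial()
        if result is not CallResult.UNREACHABLE:
            return result
    return CallResult.UNREACHABLE


def fail_open(call: CallResult) -> Decision:
    """The weak policy from the incident: anything but an explicit denial executes.
    Flooding the customer's phone turns every call into UNREACHABLE and the
    fraudulent trade goes through."""
    return Decision.REJECT if call is CallResult.DENIED else Decision.EXECUTE


def fail_closed(call: CallResult, account: Account, now: datetime) -> Decision:
    """Hardened policy: only an explicit confirmation executes, an unreachable
    customer holds the trade, and a confirmation via a number changed inside the
    cooldown window is held too, because attackers re-point the contact number
    before impersonating the victim."""
    if call is CallResult.DENIED:
        return Decision.REJECT
    if call is CallResult.UNREACHABLE:
        return Decision.HOLD
    if now - account.phone_changed_at < CONTACT_CHANGE_COOLDOWN:
        return Decision.HOLD
    return Decision.EXECUTE


if __name__ == "__main__":
    # Simulate the line being flooded: every dial attempt fails.
    result = call_with_retries(lambda: CallResult.UNREACHABLE)
    print("fail-open decision:  ", fail_open(result).value)
    print("fail-closed decision:", fail_closed(result, LONGSTANDING_NUMBER, SAMPLE_NOW).value)
```

The HOLD outcome is the point: a confirmation channel the attacker can jam must degrade to "do nothing" rather than "do the risky thing", and a channel the attacker may have redirected (a freshly changed number) should not count as the customer's voice at all.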
Entry Title: WHID 2011-85: IIM-B website hacked
WHID ID: 2011-85
Date Occurred: April 25, 2011
Attack Method: Unknown
Application Weakness: Improper Output Handling
Outcome: Link Spam
Attacked Entity Field: Education
Attacked Entity Geography: Bangalore, India
Incident Description: NEW DELHI: The website of the Indian Institute of Management-Bangalore has been hijacked by hackers peddling erectile dysfunction products like Viagra. The website, www.iimb.ernet.in, has been out of service for at least ten days.
Mass Attack: No
Reference: http://timesofindia.indiatimes.com/tech/news/internet/IIM-B-website-hacked/articleshow/8080736.cms??prtpage=1
Attack Source Geography: