Website security has become a continuous do-loop of attackers exploiting vulnerabilities in software of ever-increasing complexity and software engineers developing new defenses and patches. It’s almost impossible to keep up with the cat-and-mouse game, but the United States Computer Emergency Readiness Team (US-CERT) tries to do just that through alerts and a blog of high-impact security incidents. Here’s a quick summary of some recent incidents you’ll find on their website.
In early May 2013, attackers took advantage of multiple vulnerabilities in Adobe Reader, Adobe Acrobat, and Oracle Java 7 to compromise the websites of WTOP Radio and Federal News Radio. The attacks appeared to be financial in nature. The exploit delivered a variant of the “ZeroAccess Trojan,” which, according to Symantec, downloads an application to the compromised computer that conducts “click fraud” by clicking on “pay per click” advertising. The exploit also delivered fake anti-virus software, FakeAV/Kazy, which tries to lure the user of a compromised machine into paying for non-existent software. Adobe has provided updates and Oracle has released a security alert to address the threat. This was not the first malware attack on media organizations — for example, the New York Times and Fox News have been hacked as well. In fact, all types of enterprises are vulnerable, as demonstrated by other recent attacks in the financial and defense sectors.
Microsoft releases monthly security bulletins that summarize various vulnerabilities found in its software. The May update alone identified 10 vulnerabilities, bringing the 2013 total to 46. Multiple private users reported these vulnerabilities to Microsoft; affected applications include Windows, Internet Explorer, .NET Framework, Lync, Office, and Windows Essentials. The Microsoft Security Bulletin provides detailed information on these vulnerabilities. For example, the most serious vulnerability involves luring a user to a rogue webpage that then gains control of the user’s computer. This vulnerability could be particularly dangerous if a user has administrative user rights on a large system. A less-serious vulnerability involves an attacker sending a rogue HTTP packet to an affected system and causing a denial of service.
In March 2013, South Korean computers were attacked with malware since named “DarkSeoul.” Although the malware was specifically targeted against South Korean computers, there are still good lessons to be learned. The malware wiped the master boot record and other files from affected computers, was effective against multiple operating systems and, despite being relatively unsophisticated, caused a high level of damage.
In addition to the above, your website needs StopTheHacker! You always want to make a great first impression, so in addition to scanning for malware every day, why not also use StopTheHacker’s Webface Defacement Detection to scan your website’s face to the world every day? Get some peace of mind today.