cyber attacks

Brute-Force Attack on WordPress blogs and Joomla Sites

April 15th, 2013

Thousands of WordPress and Joomla sites are currently under brute-force password attack by a large botnet. Administrators should make sure that their WordPress and Joomla installations use strong passwords and uncommon usernames.

According to reports from CloudFlare, HostGator, and several other companies, cyber criminals have significantly stepped up brute-force, dictionary-based login attempts against WordPress blogs and Joomla sites during the past few days. These attacks look for familiar account names, such as “admin,” and systematically try common passwords in order to break into WordPress or Joomla accounts.

These attacks are a warning to administrators to stop perpetrators from gaining access to their sites, since a successful attacker could deface the site or embed malicious code to infect other people with malware. However, the highly organized nature of the attacks and their large scale imply even more menacing goals. It now appears that the attackers are trying to get a foothold on the server in order to find a way to take over the entire machine. Web servers are generally more powerful and have bigger bandwidth pipes than home computers, which makes them more attractive targets for cyber criminals.

“The attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack,” said Matthew Prince, CEO of CloudFlare, on his company blog.

Researchers believe that the Brobot botnet, which is behind the massive denial-of-service attacks against U.S. financial institutions, is made up of compromised Web servers. On this point, Prince said, “These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic.”

Accounts that are Brute-Forced

To attack WordPress blogs and Joomla sites, the cyber criminals are using brute-force tactics to break into user accounts. The top five usernames being targeted are “admin,” “test,” “administrator,” “Admin,” and “root.” In a brute-force attack on a site, the perpetrators systematically try out all the possible combinations of passwords until they successfully log in to an account and take it over. Simple passwords such as number sequences and dictionary words are easy to guess, especially when a botnet automates the entire process. The top five passwords being attempted in this attack are “admin,” “123456,” “111111,” “666666,” and “12345678.”

Users who created an account on these sites with a common username and a common password should immediately change them to something less obvious and familiar, to avoid this kind of attack.

“Do this and you’ll be ahead of 99 percent of sites out there and probably never have a problem,” Matt Mullenweg, creator of WordPress, wrote on his blog.

Surge in Cyber Attack Volume

Sucuri’s statistics indicate that the attacks are still increasing. The company blocked 678,519 login attempts in December, 1,252,308 in January, 1,034,323 in February, and 950,389 in March, Daniel Cid, CTO of Sucuri, wrote on the company blog. In the first 10 days of April, however, Sucuri had already blocked 774,104 login attempts, Cid said. That is a significant jump, from 30 thousand to 40 thousand attacks per day to about 77,000 per day on average, and there have been days this month when the attacks exceeded 100,000 per day, Sucuri said.

“In these cases, by the sheer fact of having a non- admin / administrator / root usernames you are automatically out of the running,” Cid said, before adding, “Which is kind of nice actually.”

Hints of a Large Botnet

The attack volume hints at the size of the botnet. HostGator estimated that at least 90,000 computers are involved in these attacks, and CloudFlare believes “more than tens of thousands of unique IP addresses” are being used.
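When attempts are spread over tens of thousands of IP addresses, each source can stay under a per-IP rate limit, so it helps to count login attempts per minute across all sources. The following is an added example, not code from the original article or the companies quoted; it assumes the default login paths /wp-login.php and /administrator/index.php and a common-format access log, and its thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Default login endpoints: WordPress and the Joomla administrator panel.
LOGIN_PATHS = ("/wp-login.php", "/administrator/index.php")
# Common log format: ip ident user [time] "METHOD path proto" ...
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')

def login_posts(lines):
    """Yield (minute, ip) for every POST to a CMS login endpoint."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] not in LOGIN_PATHS:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts.replace(second=0), m["ip"]

def distributed_bruteforce(lines, min_posts=5, min_ips=4, per_ip_limit=3):
    """Flag minutes with many login POSTs spread over many source IPs.
    Thresholds are illustrative assumptions; ips_over_limit lists the
    sources a plain per-IP rate limit would have caught."""
    buckets = defaultdict(lambda: defaultdict(int))
    for minute, ip in login_posts(lines):
        buckets[minute][ip] += 1
    alerts = []
    for minute, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        if total >= min_posts and len(per_ip) >= min_ips:
            alerts.append({
                "minute": minute.strftime("%Y-%m-%d %H:%M"),
                "posts": total,
                "unique_ips": len(per_ip),
                "ips_over_limit": sorted(
                    ip for ip, n in per_ip.items() if n > per_ip_limit),
            })
    return alerts

# Constructed sample: six sources, one attempt each, then one ordinary login.
SAMPLE_LOG = [
    f'192.0.2.{i} - - [15/Apr/2013:10:00:{i:02d} +0000] '
    f'"POST /wp-login.php HTTP/1.1" 200 3120' for i in range(1, 7)
] + [
    '198.51.100.7 - - [15/Apr/2013:10:00:30 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.50 - - [15/Apr/2013:10:05:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]
```

On the sample, the 10:00 minute is flagged with six attempts from six addresses and an empty `ips_over_limit`, which is the pattern a per-IP limit alone does not see.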

What is a Botnet?

A botnet is made up of compromised computers that receive instructions from one or more centralized command-and-control servers and then execute those commands. In most cases these computers have been infected with some kind of malware, and sometimes the user is not even aware that attackers are controlling the machine.

Updated Software and Strong Credentials

What is worrying about these attacks is not that attacks against popular content management systems are new, but their sheer volume and sudden increase. In this situation there is not much an administrator can do apart from using a strong username and password combination, which makes the attackers’ job harder, and ensuring that the CMS and associated plugins are up to date.

“If you still use ‘admin’ as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress,” Mullenweg said. WordPress 3.0, released three years ago, allowed users to create a custom username, so there is no reason to use “admin” or “Administrator” as a username.

Protect yourself with Alertsec

Organisations are becoming aware of their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.


Apple App Store Unsecure

March 21st, 2013

According to Google security researcher Elie Bursztein, Apple’s App Store servers didn’t encrypt all communications with iOS clients, which left users exposed to several potential attacks until late January.

In a blog post on Friday, Bursztein said, “The Apple App Store and associated applications, such as the Newsstand, are native applications provided by default with iOS to access and/ or purchase content from the Apple App Store.” He concluded, “While the Apple App Store is a native iOS app, most of its active content, including app pages and the update page, is dynamically rendered from server data.” Network attackers could have exploited the lack of HTTPS (HTTP Secure) encryption for certain parts of the communication between Apple’s App Store iOS clients and the servers to inject rogue content into the application, he said. With this technique, attackers could trick users into exposing their passwords by injecting a fake password prompt into the App Store app, force users to install and buy rogue applications by altering purchase parameters on the fly, trick users into installing rogue apps by passing them off as updates for already installed apps, prevent users from upgrading or installing specific apps, or check which apps they have already installed on their devices.

Such attacks were possible until Jan 23, when the tech giant enabled HTTPS for App Store active content by default. Apple later noted the change in a support document listing fixes on its website and credited Bursztein and two other researchers with reporting the issues. This happens because users’ devices are not protected with data encryption software, which is vital for any device that relies on technology. This calls for data security.

The Google researcher claims to have reported the attacks to Apple in early July last year. “I am really happy that my spare-time work pushed Apple to finally enable HTTPS to protect users,” he said. He also emphasized using data encryption software.

Like most attack scenarios that exploit weak data security and the lack of full-session HTTPS on websites, the attacks on the App Store found by Bursztein could have been easily executed against iOS users who connect to public Wi-Fi networks like those found in airports, coffee shops, libraries, filling stations and other public spaces.

The researcher described all these attacks in detail in his blog post. He also published a few video demonstrations on YouTube showing how the attacks would have appeared to targeted iOS users.

“I decided to render all those attacks public, in hope that it will lead more developers (in particular mobile ones) to enable HTTPS,” he said. “Enabling HTTPS and ensuring certificates validity is the most important thing you can do to secure your app communication.” Before doing so, always keep data security in mind.

Over the past few years, major Internet giants like Facebook, Google, and Twitter have enabled always-on HTTPS in order to ensure users’ data security on their online services.

Paul Ducklin, the head of technology at Sophos (Asia-Pacific), said in a blog post on Saturday, “Apple, it seems, didn’t bother with HTTPS everywhere, even for its own App Store, until 2013.” “Since there’s no other place to shop when you’re buying or selling iDevice software, and since Apple likes it that way, you might think that Cupertino would have set the bar a bit higher.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Review of Chinese Cyber Security Threat

March 19th, 2013

Following a recent report in the New York Times, Incident Management Group, Inc. (IMG), a leading international security consulting firm, will be reviewing corporate security policy in China. The review responds to a computer security threat posed by Chinese hackers.

This has led IMG to examine Chinese cyber security and computer security for global corporations. The New York-based newspaper highlighted a report released by Mandiant, another cyber security firm, which focused on attempts by the Chinese military to conduct cyber attacks on the United States and some Western companies. Chinese hackers, especially those associated with the military, have been suspected for years of targeting Western firms in order to obtain intellectual property and technology. The article added weight to the growing suspicion and drew attention to hacking groups around the world, including in China. In response, IMG is looking for ways to enhance the computer security and cyber security posture of its client partners, and to monitor their data theft protection, by enforcing effective data security policies and ensuring full disk encryption for computer protection.

In light of the news article about Western organisations being the target of Chinese hackers, IMG is planning to conduct a cyber security review to see how full disk encryption can be applied and how cyber security posture can be strengthened when implementing data security policy. For IMG, computer protection for data security must not be overlooked as an element of an institution’s computer security and cyber security framework. Given that the hacking groups have military as well as state support, it is critical for organisations to take a 360-degree view of data security. By doing so, they will ease the threats posed by Chinese hackers.

Whether to take advantage of China’s position as a leading global manufacturing base or of its growing economy, many large corporations are eager to be present in the Chinese market, which is also a target for their sales and marketing efforts. In either case, companies doing business with or in China need robust encryption software or a data security program. In this growing digital world, it is paramount for companies to have active computer security software protection, based on an active evaluation of all data security risks. Physical data security, such as employee access, can be a gateway to cyber attacks, hacking and crime, and vice versa.
