HALOCK Pandemic Breaches Bulletin: Attackers Hijacking Web Server Resources – June 26, 2020

During the pandemic, HALOCK and the information security community have been responding to a significant spike in cyber security incidents. Threat actors have been using strikingly similar attack patterns to exploit vulnerabilities in remote work environments. These bulletins alert you to these common vulnerabilities and what you should do to address them.

Attackers Hijacking Web Server Resources

Incident Summary: Cyber criminals hijacked external web servers to host illegal video stream links. The company's e-commerce sites became unavailable, cutting into its revenue and exposing it to reputational damage.

The organization spent valuable resources recovering systems and configuring preventive solutions.

VULNERABILITY DESCRIPTION

Adversaries performed reconnaissance across the internet looking for exploitable web services. The attackers identified several known vulnerabilities in Telerik UI that allowed them to compromise the application's encryption keys and then exploit those vulnerabilities against the servers.

Executable scripts were uploaded to the sites to host web links for illegal media streaming services. The web server was also configured as a mirror site to distribute malware.

The organization was alerted to the incident after users reported slow responses from the e-commerce website; the hijacked resources eventually amounted to a denial of service (DoS).

The impact of the security breach was increased by multiple weak security controls:

  • Application patch management was missing from the patch management program.
  • No external vulnerability scans were performed.
  • Application penetration testing had not been performed.
TESTING FOR THE VULNERABILITY

Define measures to ensure implemented security controls remain intact and weaknesses are identified, including:

  • Scan external services for known vulnerabilities.
  • Perform application static and dynamic code analysis.

MITIGATING THE VULNERABILITY

Establish the following security controls and solutions to prevent data exfiltration and reduce the impact of a data breach:

  • Stay abreast of known vulnerabilities through scheduled penetration tests and vulnerability scans.
  • Include vendor and application patches as part of the monthly patch cycle.
  • Include static and dynamic application testing as part of the software development life cycle.

WHAT YOU MUST DO NOW

  • Schedule a penetration test of external web applications.
  • Perform an external vulnerability scan.
  • Patch external applications and systems.
  • Establish secure coding standards and code analysis tools within the software development lifecycle.

COMPREHENSIVE ADVICE

HALOCK can also walk you through a more comprehensive list of vulnerabilities that we are seeing in the field. Contact us here and select “Secure Home-to-Office Transition Discussion” as your Area of Interest. We will have a HALOCK team member reach out to you to schedule a call.

CYBER SECURITY SERVICES TO MITIGATE YOUR RISKS

HALOCK also provides the following solutions to help our clients prevent these types of attacks.

HALOCK Threat Monitoring and Data Protection Partner Solutions

  • Sophos Endpoint Protection
  • Carbon Black Cloud-native Endpoint Protection
  • Imperva Web Application Firewall