HALOCK Pandemic Breaches Bulletin: Attackers Hijacking Web Server Resources – June 26, 2020
During the pandemic, HALOCK and the information security community have been responding to a significant spike in cyber security incidents. Threat actors have been using strikingly similar attack patterns to exploit vulnerabilities in remote work environments. These bulletins alert you to these common vulnerabilities and what you should do to address them.
Attackers Hijacking Web Server Resources
Incident Summary: Cyber criminals hijacked external web servers to host illegal video stream links. E-commerce sites were no longer available, impacting the company’s revenue and causing potential reputational damage. The organization spent valuable resources recovering systems and configuring preventive solutions.
DESCRIPTION
Adversaries performed reconnaissance across the internet looking for exploitable web services. The attackers identified several vulnerabilities within Telerik UI allowing them to compromise encryption keys and exploit known vulnerabilities. Executable scripts were uploaded to the sites to host web links for illegal media streaming services. The web server was also configured as a mirror site to distribute malware. The organization was alerted to the incident after users reported slow responses within the e-commerce website, eventually leading to a denial of service (DoS) attack.
VULNERABILITY
The impact of the security breach was increased due to multiple weak security controls.
TESTING FOR THE VULNERABILITY
Define measures to ensure implemented security controls remain intact and weaknesses are identified, including:
MITIGATING THE VULNERABILITY
Establish the following security controls and solutions to prevent data exfiltration and reduce the impact of a data breach:
WHAT YOU MUST DO NOW
COMPREHENSIVE ADVICE
HALOCK can also walk you through a more comprehensive list of vulnerabilities that we are seeing in the field. Contact us here and select “Secure Home-to-Office Transition Discussion” as your Area of Interest. We will have a HALOCK team member reach out to you to schedule a call.
CYBER SECURITY SERVICES TO MITIGATE YOUR RISKS
HALOCK also provides the following solutions to help our clients prevent these types of attacks.
HALOCK Threat Monitoring and Data Protection Partner Solutions
- Sophos Endpoint Protection
- Carbon Black Cloud-native Endpoint Protection
- Imperva Web Application Firewall