Wick Hill's MD, Ken Ward retires » Woking, Surrey: After 20 years with Wick Hill, and having reached retirement age, managing director ... Fayose vs. the Caliphate’s MACBAN and their fake C... » Sundoor999@gmail.com Gov. Ayodele Fayose has emerged as the Champion of the Nigerian people. He ... MWR launches annual HackFu Event with competitio... » London: Launching this year’s campaign for HackFu, its annual cyber security event, MWR InfoSecurity... 27 Security, Safety Tips To Prevent, Survive A Kid... » No doubt kidnapping for ransom and extortion (KRE) is a global problem. The gist is that this heinou... The Niger Delta Imbroglio: Why they struck again » This essay aims to critically analyze recent upshots: the relapse to agitation, militancy, bombing o... Lieberman Software and Core Security form strategi... » London, UK: Lieberman Software Corporation has announced a new strategic alliance with (Courion) Cor... Ness Tec helps secure the Torridon Hotel with MOBO... » UK: MOBOTIX AG has released details of a project for the Torridon Hotel that has upgraded its CCTV t... Norbain adds new Suprema and BioConnect biometric ... » Norbain has announced the addition of new BioConnect biometric products to the Norbain product portf... UK2 Group selects Opengear for global Smart Out-... » UK: Opengear has announced a successful project with UK2 Group, a growing hosting provider, to impro... Zinwave to demonstrate public safety DAS at Crit... » Zinwave has announced that it will showcase its UNItivity distributed wireless access solution (DAS)...

CLICK HERE TO

Advertise with Vigilance

Got News?

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.

READ MORE

Subscribe to Vigilance Weekly

Information Security Header

Following on from the DDos attacks on US Banks, Imperva have posted up an interesting blog which shows the origins of these attacks which have stemmed from malware being planted into webservers.

 

Please see link below:

http://blog.imperva.com/2013/03/itsoknoproblemo-eyes-wide-shut.html

Itsoknoproblemo, Eyes wide shut.

In January, Incapsula released analysis showing how infected webservers were being used in order to elevate broader attacks, such as DDoS campaigns, which we have recently witnessed targeting the banking industry.

Today, ThreatPost released an article discussing the recent rise of DDoS against US Banks. Some banks were reported to suffer service disruption ( via sitedown). This follows a warning issued by the Qassam Cyber Fighters hacktivist group, claiming it will disrupt US Banks operations as part of “Operation Ababil.”

Denial of Service (DoS) attacks are technical attacks that are focused on consuming the resources of a server/service, which prevents it from serving more legitimate users of that specific service. This is done either by consuming the available network bandwidth, or in the application age, by consuming the actual application resources. These attacks usually require many machines addressing the service in the same time to generate the load.

The Web Threat Angle

In the industrialized hacking age, where Hactivism has become talk of the day, hackers build botnets in order to coordinate such an attack from many computers. One of the easiest ways to build a botnet is through “Waterhole” websites, which are popular websites infected with malware that infect the host, which becomes a zombie in the botnet, waiting for instructions to generate targeted traffic upon demand. The recent NBC malware infection attack is a great example of the use of Waterhole websites to infect the masses

Now we are seeing itsoknoproblemo, which is one of the tools most used in the recent DDoS attacks against the US Banking industry, some peaking at 70 Gbps.

This tool is distributed mostly via a Remote File Inclusion (RFI) attack, creating a drive-by download vector for users that hit the infected web pages, and then become zombies. An RFI attack allows you to plant/redirect users to malicious code just by going on the website.

What does this teach us?

There are two problems that need to be dealt with here. One is the problem that the banks now deal with: the DDoS attacks themselves. The other is the infection vector of the malware via webservers.

 

The RFI vulnerability is the starting point that allows hackers to build the bot-net that eventually generates the DDoS attack.

 

Since alongside spear-phishing, it enables one of the biggest ways for hackers to send malware and DDoS-specific malware to users.

 

Interestingly enough, companies protected by Web Application Firewalls are capable of protecting themselves against RFI attacks and from the follow-up of distributing malware. And even though they do not suffer from the DDoS attack itself, the malware distribution creates the reputation damage that companies fear