Tag Archive for: Web’

Roku Has More than 15,000 User Accounts Hacked, Stolen Data Sold for 50 Cents Per Customer on the Dark Web

/in


Hackers have stolen personal data, including credit-card authentication credentials, of 15,363 Roku users, with individual user account data selling for just 50 cents each on the Dark Web. 

Some Roku users were locked out of their accounts, with data thieves coopting them to make nefarious in-app purchases. 

Source…

Attack wrangles thousands of web users into a password-cracking botnet

/in


Attack wrangles thousands of web users into a password-cracking botnet

Getty Images

Attackers have transformed hundreds of hacked sites running WordPress software into command-and-control servers that force visitors’ browsers to perform password-cracking attacks.

A web search for the JavaScript that performs the attack showed it was hosted on 708 sites at the time this post went live on Ars, up from 500 two days ago. Denis Sinegubko, the researcher who spotted the campaign, said at the time that he had seen thousands of visitor computers running the script, which caused them to reach out to thousands of domains in an attempt to guess the passwords of usernames with accounts on them.

Visitors unwittingly recruited

“This is how thousands of visitors across hundreds of infected websites unknowingly and simultaneously try to bruteforce thousands of other third-party WordPress sites,” Sinegubko wrote. “And since the requests come from the browsers of real visitors, you can imagine this is a challenge to filter and block such requests.”

Like the hacked websites hosting the malicious JavaScript, all the targeted domains are running the WordPress content management system. The script—just 3 kilobits in size—reaches out to an attacker-controlled getTaskURL, which in turn provides the name of a specific user on a specific WordPress site, along with 100 common passwords. When this data is fed into the browser visiting the hacked site, it attempts to log into the targeted user account using the candidate passwords. The JavaScript operates in a loop, requesting tasks from the getTaskURL reporting the results to the completeTaskURL, and then performing the steps again and again.

A snippet of the hosted JavaScript appears below, and below that, the resulting task:

const getTaskUrl = 'hxxps://dynamic-linx[.]com/getTask.php';
const completeTaskUrl = 'hxxps://dynamic-linx[.]com/completeTask.php';


[871,"https://REDACTED","redacted","60","junkyard","johncena","jewish","jakejake","invincible","intern","indira","hawthorn","hawaiian","Source…

Radware: Web App, API Malicious Transactions Up 171% Due to DDoS Attacks

/in


  • DDoS attacks per customer nearly double
  • Web DDoS attacks relentlessly continue throughout the year
  • DNS query flood vectors increase more than three fold
  • Government, business/economy, and travel websites face the most hacktivist claimed DDoS attacks worldwide

Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, released its 2024 Global Threat Analysis Report.

“The technological race between good and bad actors has never been more intense,” said Pascal Geenens, Radware’s director of threat intelligence. “With advancements like Generative AI,

inexperienced threat actors are becoming more proficient and skilled attackers more emboldened. In 2024, look for attack numbers to climb and attack patterns, like the shift in Web DDoS attacks, to continue to evolve.”

Radware’s comprehensive report leverages intelligence provided by network and application attack activity sourced from Radware’s Cloud and Managed Services, Global Deception Network, and threat intelligence research team during 2023. In addition, it draws from information found on Telegram, a public messaging platform often used by cyber criminals.

Radware’s report reveals key themes about the emerging threat landscape.

DDoS Attacks Surge Unprosecuted

“With almost two years of illegal denial of service left un-prosecuted following Russia’s invasion of Ukraine and the unfettered rise of hacktivism, the threshold into a life of cyber crime has reached a new low,” said Geenens. “We have yet to see DDoS attacks used as a mainstream vehicle to settle disagreements or differences, but plenty of groundwork has been laid by proficient hacktivists.”

Between the close of 2022 and 2023 DDoS attacks rose worldwide:

  • Globally, the average number of DDoS attacks per customer grew by 94%. On a regional basis, the increase in the number of DDoS attacks targeting customers varied:
    • EMEA rose 43%
    • The Americas grew 196%
    • APAC climbed 260%
  • The Americas were targeted by almost half of all global DDoS attacks. The EMEA region, accounting for 39% of the DDoS attacks, mitigated 65% of the global DDoS attack volume. The APAC region accounted for almost 12% of global DDoS attacks.

Hacktivists Attack with Unrelenting…

Source…

Unraveling the Intricate Web of State-Sponsored Cyber Espionage

/in


In an era where digital frontiers are continually expanding, the specter of state-sponsored cyber espionage looms large. Recent revelations have shed light on the intricate web of cyber activities orchestrated by nations like China and Russia, targeting global infrastructures and posing unprecedented threats to international security. This narrative unfolds against the backdrop of accusations leveled against these countries, involving sophisticated hacking operations that not only breach the digital defenses of corporations but also insidiously infiltrate the very core of critical national infrastructures.

The Genesis of Cyber Espionage: Unveiling ‘Bitter’

At the heart of this digital battleground is ‘Bitter’, an advanced persistent threat (APT) group with suspected origins in India, active since at least November 2013. Bitter’s modus operandi is emblematic of the shadows cast by cyber espionage on global politics. Through meticulously crafted spear phishing and watering hole attacks, this group has targeted a swath of countries including Pakistan, Bangladesh, Mongolia, and China. Their actions, ranging from impersonating embassies to deploying malicious files via compromised email accounts, are not merely acts of cyber vandalism but calculated moves on the chessboard of international intelligence gathering.

The activities of Bitter, connected to other groups like Patchwork, SideWinder, and Donot, underscore a broader narrative of cyber operations focused on extracting sensitive information. Cybersecurity firms have linked several attacks over the past two years to Bitter, revealing a pattern of espionage that underscores the strategic importance of digital intelligence in modern geopolitical maneuvering.

Escalating Threats: China’s Cyber Prowess and Global Responses

China’s ever-expanding cyber capabilities have come under intense scrutiny, with accusations of state-sponsored hacking that targets critical infrastructure, notably in countries like Japan. The Deputy Director of Japan’s National Center of Incident Readiness and Strategy for Cybersecurity has voiced concerns over the rising tide of cyber threats,…

Source…