Search This Blog

Showing posts with label Website. Show all posts

Mousetrapping: What is it & how to Safeguard Against it?

 

Mousetrapping works in the identical way that a traditional mousetrap does: you unknowingly walk into a trap designed to keep you trapped for as long as possible. Operators who utilize mousetraps actively market their products or services. They may even attempt to steal your personal details. So, how do you know when you've stepped into a trap? 

Mousetrapping is an unethical practice used by some website operators to keep you on their site for longer than necessary. It is a technique that traps you in an endless loop of pages and pop-ups, preventing you from leaving a website.

Some operators will even open the new page you've been redirected to in a new window. You can't access the taskbar, toolbar, or browser menu while in this window, making it difficult to close. These websites may even deactivate the web browser's back or exit buttons, trapping you on the page until you exit the browser. In such cases, the only actionable buttons that work are those in pop-ups that force you to perform whatever action the website owner dictates.

"Your phone is hacked. Download this Antivirus Software Now.
99% of android users have this app on their phone.
Your government is tracking your phone. Install this VPN."

When you visit a website with mousetraps, you will encounter a lot of messages like this: pop-ups requesting you to download an app, visit another site, or even enter your phone number. Clicking the exit button on these pop-ups usually results in more call-to-action messages. Executing these actions and downloading the files will almost certainly result in the installation of malware on your computer and the theft of sensitive information.

How to Recognize a Mousetrap

The first step in making a mousetrap is to closely mimic the URL of a legitimate popular website. It could be a celebrity's official website or your favorite newspaper. The malicious site could end up on a search engine with a simple misspelling and a line of code. Because the code and content closely resemble that of the authentic website, the link to the site ends up on search engines.

It is sometimes difficult to tell if a website is legitimate until you click on a link. Fortunately, there are methods for determining whether a website is genuine. The mousetraps are designed by the owners of these websites in order to capture as many clicks as possible from unwitting visitors. When you realize you've been duped, you immediately attempt to exit the site by clicking on a broken back button.

The logical next step would be to press the forward button or search the toolbar for an escape route. It is already too late at this point. It is nearly impossible to leave this way because the site owner has included lines of code that will open one ad banner after another for every click you make.

That isn't all. Because pop-ups appear quickly, you may need to open multiple windows in order to evade them. You must close each pop-up one by one, and the more clicks you have, the more benefit the site owner receives. The close button on pop-ups does not always work, resulting in more ads, banners, and redirects.

Mousetrapping isn't just for clicks. Some threat actors use these traps to keep their victims occupied. The pop-ups and windows are designed to keep you on the page while malware is downloaded onto your system.

How to Get Out of a Mousetrap

The obvious escape, like most traps, will most likely lead you deeper into the trap. The back button you rush to click will simply open an ad in another window or launch a barrage of banners, further frustrating you. Despite this, there are a few ways to get out of mousetraps.

1. Input Another URL Address
2. Disable JavaScript
3. Use Keyboard Shortcuts

It's difficult to spot a malicious website, especially if it's a carbon copy of a popular platform. When you realize you've been trapped and windows and pop-ups are appearing with every click, go to the URL bar and enter a new address. You should be able to close the opened windows using keyboard shortcuts.

However, prevention is always preferable to cure. Use web browsers that have add-ons and plug-ins that prevent redirects, advertisements, and unauthorized window openings. Another option is to disable JavaScript. Many site features, including pop-ups and banners, would be disabled.

Neopets Hacked, 69 Million Accounts Potentially Breached

 

The virtual pet website Neopets has announced that it has been hacked. JumpStart Games, as announced yesterday on Twitter and the official forums, is requesting that all 69 million accounts reset their passwords. 

"Neopets recently became aware that customer data may have been stolen," reads the official Twitter announcement. "We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data." 

The hacker responsible, as first reported by Neopets community site JellyNeo (via Polygon), has been found offering the whole Neopets database and source code for 4 Bitcoins (approximately $100,000). For an extra cost, the hacker would provide live access to the database. It's unclear whether this hack involves credit card information. Neopets charges a fee to eliminate adverts from the site and gain access to the forums and other premium services. In-game cash called NeoCash is also utilised for numerous microtransactions. 

Neopets, which debuted in 1999, were a brief phenomenon. Neopets, a website where players take care of a virtual pet, soon grew to millions of users, with original developer Adam Powell selling the service to Viacom for $160 million in 2005. Viacom eventually sold the site to JumpStart Games, which still owns it. The Neopets themselves require frequent food and care, yet even if neglected, they will not perish. 

One may also take them on a tour to Neopia (the Neopets world), where they and their Neopet can participate in a variety of minigames and enjoy the site's comprehensive social features. Although it is no longer at its peak, Neopets still has a committed user base. This isn't the first time that Neopets has been compromised. In 2016, a similar data breach compelled all Neopets users to change their passwords. 

This current attack is also unlikely to help the site's tattered reputation, especially in light of the recent announcement of the Neopets Metaverse Collection, a new NFT initiative that fans have slammed as a brazen cash grab.

Swissport Ransomware Attack Delays Flights, Disturbs Operations

 

Swissport International, a supplier of aviation services, was struck by a ransomware attack that disrupted its operations. 

Swissport International Ltd. is an aviation services firm controlled by an international group of investors that provides airport ground, lounge hospitality, and cargo handling services. On behalf of 850 aviation clients, the corporation manages over 282 million passengers and 4.8 million tonnes of cargo each year. Swissport employs over 66,000 people at 307 locations across 50 countries and has combined operating revenue of EUR 2.8 billion. 

Swissport International was the victim of a ransomware assault that disrupted company operations and prompted aircraft delays. As per the German website Spiegel, the ransomware attack only affected a minor section of the corporation's global IT infrastructure, and a company spokesperson verified that the security breach occurred at 6 a.m. on Thursday. 

The attack has been substantially contained, according to the company, which is attempting to rectify the situation as swiftly as possible. 

A spokeswoman for Zurich Airport added, “Due to system problems at our airport partner Swissport, 22 flights were delayed by 3 to 20 minutes yesterday.”

The company spokesman added, “The attack has now been contained and everything is being done to solve the problem as quickly as possible and limit the impact on flight operations. Swissport can continue to provide ground services for airlines safely, but there may be delays in some cases.” 

On Friday afternoon, the Swissport website was unavailable. The organisation has not yet revealed information regarding the attack, such as the ransomware family that attacked its systems or if the attack resulted in a data leak. The attack on their leak sites was not claimed by any ransomware group. 

Other recent attacks in Europe have affected key infrastructure, such as the one that crippled Oiltanking GmbH, a German petrol distributor that supplies Shell gas stations across the country. The oil provider Mabanaft GmbH was also impacted by the attack, according to the media. The Marquard & Bahls group owns both companies. As per local media, the attacks could have compromised the country's fuel supplies. 

A cyberattack was launched this week on some of the main oil terminals in Western Europe's largest ports. The Amsterdam-Rotterdam-Antwerp oil trading centre, as well as the SEA-Tank Terminal in Antwerp, are among the affected port infrastructure.

Due to a Cyber Attack, MangaDex Website Taken Down for 2 Weeks

 

A few days ago, on 17th March, MangaDex found that a malicious actor, who already had access to an administrative account, had hacked the site. They said a malicious player has been able to access an administrative account by using a session token in an older database leak via flawed session management configuration. They further moved on to locate and patch the vulnerable section of code, also sweeping session data worldwide to prevent further attempts at, using the same technique. 

After the breach, they spent several hours analyzing the code and began patching. This occurred alongside the opening of the site following the breach, as we mistakenly believed that the actor could not access it. As a precaution, their infrastructure has been monitored in case the assailant is returned. 

Afterward, the attacker even sent an email with the "MangaDex has a DB leak. I suggest you tell their staff about it,” message to a few users according to the website's official notice. Since then, MangaDex has been maintaining the website and its users to prevent further disruption and security problems. 

Fortunately, MangaDex was pretty transparent regarding the violation and was providing information via Twitter instead of trying to hush up the details. However, the team recommends taking immediate actions to secure one’s online identity. Further, a database breach is also yet to be verified by them. So, if one uses the same password for all sites, they may want to change their passwords on other sites also. 

That being said, MangaDex affirmed that the new website — MangaDex v5 — will stay offline for a full rewrite that can take two weeks to complete. This decision took into consideration many other alternatives, such as the reintroduction of the website in its present state which could be vulnerable under MangaDex to further attacks. The new website will only have the basic features. This implies that only when MangaDex v5 is launched, users can read and upload and follow – like the website of the OG. 

The team confirmed that MangaDex v3 is back, though with several features that allow users to export bookmarks. A bug bounty program may also be developed for the team for v5. This helps MangaDex to patch all exploits in the code so that attackers will not be able to break the website.