A summary of the threats that have been at the heart of many of the online forensic cases we have undertaken so far this year.
A number of high profile hacks and breaches in 2014 brought the world in which we work into the public eye as never before. Yet, these breaches were merely the tip of the iceberg. As forensic investigators, 2014 was our busiest year to date.
We worked with businesses of all sizes, from small e-commerce operators, through mid-sized retail organisations to large issuer and acquirer banks. All of them knew they faced threats and wanted to be properly equipped to defend themselves against them.
Although we are less than halfway through 2015, the trend for online threats is real and showing strong growth: our team has assisted more hacked organisations in the first four months of 2015 than in the whole of 2014.
As experts in this field, we have collated our findings so far from 2015 to highlight some of the major threats that could affect your business – or could even be affecting it right now.
- WordPress “SoakSoak” malware
SoakSoak modifies a file in the infected site’s WordPress installation, then loads JavaScript malware from the soaksoak.ru domain. The malware exploits a vulnerability in the RevSlider WordPress plugin, which is often bundled with WordPress themes, so website owners may not know they are at risk because the plugin could have been included without their knowledge. Read more here.
- SQL Injection remains the most prolific attack
SQL Injection has been well documented and well known as an attack for at least the last 10 years. Despite this, it is the most prevalent attack vector seen by our forensic team in the online world, affecting organisations of all sizes and types. View our webinar on how to prevent these types of attacks.
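The following is an added example, not code from the original post or from Foregenix, showing why the attack class above still works and what prevents it. It uses an in-memory SQLite table with constructed sample rows; the table name, columns and the probe string are assumptions for illustration only. The first lookup concatenates the caller's input into the query, so quote characters in the input change the query's meaning; the second binds the same input as a parameter, so it is only ever compared as data.

```python
import sqlite3

# Constructed in-memory sample database (not from the original page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [("alice@example.com", "1111"), ("bob@example.com", "2222")],
    )
    return conn


def lookup_vulnerable(conn, email):
    """Builds the query by string concatenation, so the caller's input becomes
    part of the SQL grammar instead of staying data."""
    sql = "SELECT email FROM customers WHERE email = '" + email + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn, email):
    """Parameterised query: the driver binds the value, so quotes or keywords
    in the input are compared literally against the column."""
    sql = "SELECT email FROM customers WHERE email = ?"
    return sorted(row[0] for row in conn.execute(sql, (email,)))


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("vulnerable:", lookup_vulnerable(db, probe))  # every row is returned
    print("safe:      ", lookup_safe(db, probe))        # no row matches
```

The fix is the same in every language and database driver: never build the statement text from user input; pass values through the driver's placeholder mechanism (`?`, `%s`, `:name`, depending on the driver) and let it bind them.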
- Magento Phantom Malware
Foregenix has discovered a growing number of websites affected by this elusive malware. The Magento Phantom malware allows unauthorized users to access the affected site and make system modifications to harvest payment card details, as well as other confidential information belonging to both customers and the compromised websites. Download our whitepaper to discover more about this malware and how to detect and remove it.
- Feed_Manager: 2.0.7 – Malicious Plugin
Our forensic team has seen a number of recent cases involving Magento websites that have been hacked through the same malicious web shell. We believe this malicious extension has been named to resemble the legitimate Feed Manager extension (currently offered as version 2.1.3 on http://www.magentocommerce.com) so that it evades casual review by web admins. Click here to read our blog on how to detect and remove this malware.
- Filesman Malware
So far in 2015 we have assisted a number of online clients that were compromised via the “Filesman” backdoor. This backdoor is not a new attack; in fact, it has been very well publicised and documented over the last few years. Click here to read our blog on this attack.
- Magento Shoplift Critical Flaw
A critical Magento vulnerability, known as Magento Shoplift (SUPEE-5344), was published by Check Point Technologies in SC Magazine in April. With 15% of e-commerce websites affected by this vulnerability, any Magento website owner is strongly advised to take immediate action to protect their business. View our blog for more information.
- Obfuscated Website Modification Code – The new “average” attack
We see quite a lot of interesting things in the forensic lab at Foregenix. Obfuscated website modification code is generally not one of them, though; that is, until we started seeing an interesting trend develop. Read our blog to discover how hackers could be storing stolen credit card data in YOUR website database.
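As an added example (not code from the original post or from Foregenix), here is a small set of heuristics a reviewer can run over site files to surface the kind of obfuscated modification code described above: a decode-then-execute call chain, an unusually long base64 run, and high character entropy. The two sample snippets are constructed for the demonstration; the base64 payload in the "injected" one is filler text, not a real program, and the thresholds (80 characters, 5.0 bits) are assumptions to tune against your own codebase.

```python
import math
import re
from collections import Counter

# Heuristics, not signatures: each one alone has false positives, so a
# snippet is reported with the list of signals it triggered.
DECODE_AND_EXECUTE = re.compile(
    r"\b(eval|assert|create_function)\s*\(\s*"
    r"(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\b",
    re.IGNORECASE,
)
LONG_BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")


def shannon_entropy(text):
    """Bits per character; encoded or compressed blobs sit well above normal code."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def obfuscation_signals(code):
    """Return the names of every heuristic the snippet triggers (empty = clean)."""
    signals = []
    if DECODE_AND_EXECUTE.search(code):
        signals.append("execute-decoded-payload")
    if LONG_BASE64_RUN.search(code):
        signals.append("long-base64-run")
    if len(code) > 200 and shannon_entropy(code) > 5.0:
        signals.append("high-entropy")
    return signals


# Constructed samples: an ordinary template line and an injected block whose
# base64 payload is filler text, not a real program.
BENIGN = "<?php echo htmlspecialchars($title); require 'footer.php'; ?>"
INJECTED = (
    "<?php eval(gzinflate(base64_decode('"
    + "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5" * 2
    + "'))); ?>"
)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("injected", INJECTED)):
        print(label, obfuscation_signals(sample))
```

Anything flagged still needs a human to read it: legitimate minified JavaScript and embedded images also produce long base64 runs, which is why the output lists which signals fired rather than a single verdict.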
How can you defend against these types of attacks?
A solution such as Foregenix’s FGX-Web Protect, designed, built, managed and supported by a team of security specialists, offers the security a business needs to grow and prosper in the e-commerce marketplace. FGX-Web is an advanced web security solution: a protective fortress for websites. Its dual-layer defence acts as a safety net, providing website file change monitoring and alerting, while also ensuring that attacks on websites, such as those above, are filtered out before they can do any damage.
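To show what the file change monitoring layer mentioned above does at its core, here is an added example that is not FGX-Web's code and not from the original post. It records a SHA-256 baseline of every file under a web root and reports files that were added, removed or modified since. The demonstration runs inside a temporary directory with constructed file names (`wp-includes/example-core.php`, `dropped.php`) and simulates the two changes that several of the threats above produce: an edited core file and an unexpected new file.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream the file through SHA-256 so large uploads don't load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Relative POSIX path -> SHA-256 for every regular file under root."""
    hashes = {}
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hashes[rel] = sha256_of(full)
    return hashes


def compare(baseline, current):
    """Classify every difference between two snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            p for p in baseline if p in current and baseline[p] != current[p]
        ),
    }


def demo():
    """Constructed scenario in a temporary directory: record a baseline, then
    simulate one edited core file and one unexpected new file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "wp-includes"))
        core = os.path.join(root, "wp-includes", "example-core.php")  # constructed name
        with open(core, "w") as fh:
            fh.write("<?php // original content\n")
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php require 'wp-includes/example-core.php';\n")
        baseline = snapshot(root)

        # Simulated compromise: a line appended to a core file and a new file dropped.
        with open(core, "a") as fh:
            fh.write("<script src='http://example.invalid/x.js'></script>\n")
        with open(os.path.join(root, "dropped.php"), "w") as fh:
            fh.write("<?php // unexpected new file\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In production the baseline would be stored off the web server (an attacker who can edit site files can edit a baseline kept beside them), re-taken after every legitimate deployment, and each report turned into an alert rather than a printout.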
If you are looking for a solution to simplify website security, we would love to speak with you and show you how we can help.