The Largest DDoS Attacks & What You Can Learn From Them
A DDoS (Distributed Denial of Service) is an attack that focuses on making a website unavailable to its legitimate users. DDoS attacks can produce service interruptions, introduce large response delays, and cause various business losses. Denial-of-service attacks work in one of two ways: they either flood services or crash services. Attackers execute DDoS attacks through computers and smart devices, so it is common for them to make use of IoT devices that are accessible from the internet. IoT devices refer to any electronic device that can connect to the internet and transmit data, such as toys, smart TVs, and monitors of any kind. Continue reading The Largest DDoS […]

What Hackers Do After Gaining Access to a Website
A hack or cyber attack is the act of maliciously entering, taking control over, or manipulating by force a web application, server, or file that belongs to someone else. Cyber attacks will modify files, retrieve information, insert commands or scripts, and change the way your website and Google Search Results look to visitors. What Do Hackers Do? Here are brief descriptions of the most common cyber attacks we see performed by hackers. Continue reading What Hackers Do After Gaining Access to a Website at Sucuri Blog.

How to Create a Website Maintenance Plan & Contract
In my years of experience working alongside agencies, I’ve realized that managed providers and other web pros who offer website maintenance to their clients have a hard time convincing them of the value of managed services. It’s a common mindset, much like the homeowner who is unwilling to invest in a rock-solid insurance policy, or the uninsured car owner who gets insurance only after a reckless driver rams into the back of the car. Continue reading How to Create a Website Maintenance Plan & Contract at Sucuri Blog.

Troldesh Ransomware Dropper
Over the past few weeks, we’ve seen an increase in Troldesh ransomware using compromised websites as intermediary malware distributors. The malware often uses a PHP file that acts as a delivery tool for downloading the host malware dropper:
hxxp://doolaekhun[.]com/cgi-bin/[redacted].php
This type of infected URL is usually spread through malicious emails or through services like social media.
Malicious “JSC Airline” JScript File
Once a victim clicks the URL and loads it, a JScript file downloads to the victim’s computer. Continue reading Troldesh Ransomware Dropper at Sucuri Blog.

Magento Skimmers: From Atob to Alibaba
Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, these decode to hxxps://livegetpay[.]com/pay.js?v=2.2.9 and “onepage”, respectively. The campaign used a variety of different domain names and targeted all sorts of payment processing systems, which is well described in Group-IB’s report. Continue reading Magento Skimmers: From Atob to Alibaba at Sucuri Blog.

Autoloaded Server-Side Swiper
Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since these “swipers” can be easily detected by simply scanning the web pages of e-commerce sites. However, this isn’t the only way to steal payment details and sensitive user information from compromised sites. Server-side swipers are almost as prevalent as client-side ones, and our remediation team removes both types of credit card stealers from compromised websites on a daily basis. Continue reading Autoloaded Server-Side Swiper at Sucuri Blog.

Malicious Plugin Used to Encrypt WordPress Posts
During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner complained of a newly installed and activated plugin on their website that was rendering their original content unreadable. The plugin encrypted posts with the ‘AES-256-CBC’ method using the openssl_encrypt function, which made them impossible to decrypt without the proper key. This is the first time we’ve seen a plugin target specific blog posts on a website, but it’s possible that we’ll see this more often in the coming months. Continue reading Malicious Plugin Used to […]

Neapolitan Backdoor Injection
Most of us are familiar with Neapolitan ice cream: a flavour whose distinguishing characteristic is not one single flavour but several. Many also know it as the ice cream from which your roommate eats all of the chocolate, leaving you with the paltry remains of the notably less popular vanilla and strawberry flavours. While cleaning a WordPress website of malware, I recently came across an injection which I think can best be described as Neapolitan. When attackers compromise a website, in almost all cases one of the first things they do is plant one or more backdoors on the website. […]

Reverse Hardening WordPress Config
Hardening is the process of securing a website or system against known security weaknesses or potential issues to reduce the attack surface. The more functions or features a website has, the more potential points of entry an attacker has to leverage. For example, a popular method for hardening WordPress installations is to disable the backend theme and plugin editor, which normally allows direct modification to the code in any theme or plugin file. Continue reading Reverse Hardening WordPress Config at Sucuri Blog.

How to Stop a DDoS Attack & Prevent Future Attacks
DDoS attacks are a growing threat for websites. But do you know how to stop them in their tracks? We’ll cover some essential fundamentals on stopping a DDoS attack and preventing attacks from happening in the future. As a webmaster, you strive to keep your site online during large traffic spikes; the goal is simply to make sure those traffic spikes are legitimate and harmless.
What is a DDoS Attack?
Continue reading How to Stop a DDoS Attack & Prevent Future Attacks at Sucuri Blog.