Thursday, February 28, 2008

Finjan discovers criminal database with 8700 account credentials to trusted domains!

Is the corporate world under attack by hackers? A new report from Finjan suggests that top level domains have been compromised and that access details are for sale on the black market.

It should be noted that government domains have allegedly been compromised as well.

From the Finjan press release:

Finjan Inc., a leader in secure web gateway products, today announced it has uncovered a database containing more than 8,700 harvested FTP account credentials, including username, password and server address - in the hands of hackers. These stolen credentials enable criminals to compromise servers and automatically inject crimeware to infect users visiting them. Among those stolen accounts are those of Fortune-level global companies in a wide range of industries including manufacturing, telecom, media, online retail, IT, as well as government agencies. The stolen FTP accounts include some of the world’s top 100 domains as ranked by Alexa.com.

Kelly Jackson Higgins of Dark Reading went into more depth on the risks associated with this new discovery:

The so-called meoryprof.info (Me-or-you-Profit) site is selling username, password, and server addresses of these FTP servers as well as the NeoSploit Version 2 crimeware package, which basically lets the bad guys who buy it instantly infect these sites with malicious code -- with the goal of stealing valuable and confidential data from them as well as any visitors to the sites. It also “qualifies” the stolen accounts so that buyers either can then set a price to resell the compromised FTP credentials to other cybercriminals, or determine which are the more potentially lucrative sites to hack.

“With a click of a button they say ‘I want to infect his FTP server’ with the crimeware,” says Ben-Itzhak. Finjan did not test all of the sites to see if they had been infected yet or not.

From a more social perspective, this continues the scary trend of crimeware for sale, which enables criminals who are not very technical to commit fairly technical crimes at will.

Besides the fact that (in theory at least) sensitive information can be stolen from some of these sites, a visitor can be compromised when visiting a "trusted site."

Besides the risk of sensitive information being compromised, compromised sites, once publicized, might face another problem: unfavorable public exposure. This could lead to a loss of trust in their brand and, as seen recently, potential litigation.

This doesn't even take into consideration all the other assorted costs of recovering from a large-scale data compromise that becomes public knowledge.

Finjan is inviting the corporate world to inquire whether or not their particular site is at risk. I'll provide the link to do so, here.

They are also providing more information on this latest crimeware kit on their "Malicious Page of the Month."

The Dark Reading story, which seems to be a good source of information on this, is here.
