
How Russian Hackers Stole Data Through Kaspersky Antivirus

Russian hackers stole classified National Security Agency (NSA) data by way of one of the agency's contractors. The incident, known to have taken place in 2015, was a major breach inside the NSA.

As reported by the Wall Street Journal on Sunday (8 October 2017), the theft is thought to have happened after the NSA contractor transferred the data to his own home computer.

The contractor was running antivirus software made by Kaspersky, which allowed the intruders to identify and target the data on his machine.

It is unclear whether this newly uncovered breach is connected to the Shadow Brokers. Shadow Brokers is the name attached to a series of NSA data leaks widely linked to the Russian government.

As for the Kaspersky software suspected of being the 'main player' in the theft, it is not known whether Kaspersky itself was aware of the attack.

What is clear is that the antivirus program routinely sends telemetry to its central servers. In Kaspersky's case, those servers are located in Russia.

That transmission is encrypted with SSL. If the Russian side were able to decrypt it, however, they could pick out the data without either Kaspersky or the NSA contractor knowing.

For Kaspersky, the report deepens the suspicion around the company at a time when the worsening relationship between the United States (US) and Russia is having ever wider effects.

Kaspersky antivirus is, as is known, barred from use in the US. The Trump administration has removed Kaspersky Lab from the list of approved vendors for technology purchases by government agencies.

The stated reason is the fear that Kaspersky security products could become a channel the Kremlin uses to get into US networks.

That step was the concrete outcome of suspicions voiced by US intelligence agencies and Congress over the preceding months.

They believe the Moscow-based antivirus company has close ties to the Russian intelligence services behind cyberattacks on the US.

WannaCry Hero Arrested on Kronos Malware Charges

In a stunning twist, U.S. authorities this week arrested a British cyber-researcher credited with stopping the spread of the WannaCry ransomware virus on charges he helped develop and deploy the Kronos banking trojan that attacked financial institutions around the world in 2014.

Following a two-year investigation, a federal grand jury in Wisconsin last month handed down a six-count indictment against Marcus Hutchins, a resident and citizen of the UK who operated under the name “Malwaretech,” according to U.S. Attorney Gregory Haansted, who oversees the Eastern District of Wisconsin.

Hutchins was arrested Wednesday at McCarran International Airport in Las Vegas, where he had been attending the Def Con hacking conference. The charges include one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavoring to intercept electronic communications, and one count of attempting to access a computer without authorization.

Origin Story

Hutchins created the Kronos malware, prosecutors have alleged.

A video showing the functionality of the Kronos banking trojan was posted to a publicly available website in July 2014, according to a copy of a sealed indictment the U.S. District Court posted July 12.

A defendant, whose name is blacked out, used the video to show how Kronos worked, the indictment says. A defendant, again with the name blacked out, offered to sell the Kronos banking trojan for US$3,000.

Defendants whose names were blacked out updated the Kronos malware in early 2015, according to the indictment. In April of that year, a defendant with a name blacked out allegedly advertised the malware on the AlphaBay market forum.

In June 2015, a version of the Kronos malware was sold on the forum for $2,000 in digital currency. In July 2015, a defendant with the name blacked out offered “crypting” services for Kronos — that is, computer code used to shield the malware from antivirus software, the indictment states.

Kronos was an ongoing threat; in late 2016, the Kelihos botnet was observed trying to load Kronos using an email phishing campaign. A Russian national, Peter Yuryevich Levashov, 36, was arrested in Barcelona this April on U.S. federal charges related to his alleged operation of Kelihos.

The Justice Department last month announced that AlphaBay, which is considered the largest criminal marketplace on the dark Web, was shut down following an international investigation. AlphaBay had been used to sell everything from fentanyl and heroin to weapons, chemicals, stolen identification documents and hacking tools.

Authorities last month arrested Alexandre Cazes, a Canadian national living in Thailand, on charges he helped create and administer the site, but he reportedly took his own life while in Thai custody.

Arrest Fallout

Hutchins this spring was hailed as an international hero after he located the kill switch to end the WannaCry ransomware attack that had locked up thousands of computers across the globe.

However, his arrest does not appear to be directly related to WannaCry, said Mark Nunnikhoven, vice president of cloud security at Trend Micro.

The current case is particularly interesting because the charges indicate the arrest is based on the creation of Kronos, not its use, he said.

“Basically, it’s saying that the only possible use of the software was malicious,” Nunnikhoven told the E-Commerce Times.

Additional activity has been detected related to the WannaCry ransomware attack, specifically that the bitcoin wallet used in the attack had been emptied, noted James Pleger, managing director of global threat intelligence at Kudelski Security.

“This came as a bit of a surprise, considering that many criminals try to cash out as quickly as possible,” he told the E-Commerce Times.

The delay may have been related to the scrutiny investigators placed on the attack early on, Pleger said — and on a more ominous note, added that it may indicate that the same hackers could be ready for a new attack using different methods.

A spokesperson for the U.S. attorney in Wisconsin was not immediately available for comment. The FBI referred all questions on the case to the DoJ.

Amazon Says Employee Error Caused Tuesday’s Cloud Outage

(Bloomberg) — Amazon.com Inc. said efforts to fix a bug in its cloud-computing service caused prolonged disruptions Tuesday that affected thousands of websites and apps, from project-management and expense-reporting tools to commuter alerts.

An Amazon Web Services employee working on the issue accidentally switched off more computer servers than intended at 9:37 a.m. Seattle time, resulting in errors that cascaded through the company’s S3 service, Amazon said in a statement Thursday. S3 is used to house data, manage apps and software downloads by nearly 150,000 sites, including ESPN.com and aol.com, according to SimilarTech.com.

“We are making several changes as a result of this operational event,” Amazon said in a statement. “While removal of capacity is a key operational practice, in this instance, the tool used allowed too much capacity to be removed too quickly. We have modified this tool to remove capacity more slowly and added safeguards to prevent capacity from being removed when it will take any subsystem below its minimum required capacity level.”
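
The safeguard Amazon describes, a floor check plus slower removal, is easy to picture in code. The block below is an added illustration written for this page, not AWS's tooling; the subsystem names, server counts, minimums and the per-step limit are constructed assumptions. It shows the pre-incident behaviour (apply whatever number was typed) beside a guarded version that refuses any request crossing a subsystem's minimum and drains in bounded steps, and a multi-subsystem variant that validates everything before touching anything.

```python
"""A capacity-removal guard of the kind Amazon describes (a floor check and
slower removal). Added example written for this page, not AWS's tool; the
subsystem names, counts, minimums and step size below are constructed."""

from dataclasses import dataclass


class CapacityFloorError(Exception):
    """A requested removal would leave a subsystem below its minimum."""


@dataclass
class Subsystem:
    name: str
    active: int        # servers currently in service
    minimum: int       # servers required for the subsystem to stay healthy
    max_step: int = 2  # assumption: how many may be drained per step


def remove_capacity_unguarded(sub: Subsystem, count: int) -> int:
    """Pre-incident behaviour: the operator's number is applied at once."""
    sub.active -= count
    return sub.active


def remove_capacity_guarded(sub: Subsystem, count: int) -> list:
    """Refuse any request that would cross the floor, then drain in bounded
    steps. Returns the active count after each step."""
    if count <= 0:
        raise ValueError("count must be positive")
    if sub.active - count < sub.minimum:
        raise CapacityFloorError(
            f"{sub.name}: removing {count} of {sub.active} would leave "
            f"{sub.active - count}, below the minimum of {sub.minimum}"
        )
    trail = []
    remaining = count
    while remaining:
        step = min(remaining, sub.max_step)
        sub.active -= step
        remaining -= step
        trail.append(sub.active)  # a real tool would wait on health checks here
    return trail


def try_remove(sub: Subsystem, count: int):
    """Wrapper returning None instead of raising, for callers that log and move on."""
    try:
        return remove_capacity_guarded(sub, count)
    except CapacityFloorError:
        return None


def remove_across(subsystems: dict, removals: dict) -> dict:
    """Validate every subsystem before touching any: one bad request blocks
    the whole operation instead of being partially applied."""
    for name, count in removals.items():
        sub = subsystems[name]
        if sub.active - count < sub.minimum:
            raise CapacityFloorError(
                f"{name}: request of {count} rejected, floor is {sub.minimum}"
            )
    return {name: remove_capacity_guarded(subsystems[name], count)
            for name, count in removals.items()}


if __name__ == "__main__":
    index = Subsystem("index", active=10, minimum=6)
    print("guarded:", remove_capacity_guarded(index, 3))   # [8, 7]
    print("blocked:", try_remove(index, 2))                # None, floor is 6
```

The step loop is where a production tool would pause for health checks between steps; the floor check is deliberately done on the whole request up front, so an operator typo is rejected before the first server goes away.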

AWS is the company’s fastest-growing and most-profitable division, generating $3.5 billion in revenue in the fourth quarter. It’s the biggest public cloud-services provider, with data centers around the world that handle the computing power for many large companies, such as Netflix Inc. and Capital One Corp. Amazon and competitors like Microsoft Corp. and Alphabet Inc.’s Google are growing their cloud businesses as customers find it more efficient to shift their data storage and computer processes to the cloud rather than maintaining those functions on their own. Widespread adoption also increases the likelihood that problems with one service can have sweeping ramifications online.

Bug ‘exposes’ WhatsApp message secrets

Some messages sent through WhatsApp can be intercepted and read thanks to a bug in the app, suggests research.
The bug arises because of the way WhatsApp encrypts the messages sent via its service.
Security expert Thomas Boelter found that eavesdropping was possible when circumstances called for encryption keys to be reissued.
Mr Boelter told WhatsApp owner Facebook about the issue in April 2016 but it said it was not working on a fix.
The response he received said that what he had discovered was expected behaviour.
Privacy campaigners claimed in The Guardian newspaper that the bug was a “huge threat” to freedom of speech because it could be used by governments or law enforcement agencies to spy on people who thought they were communicating securely.
In a statement reacting to media stories about the research, WhatsApp said the bug was not a “backdoor” intentionally placed in its code that allowed governments to make the firm decrypt messages.
“This claim is false,” it said. “WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor.”
Bad coding
The bug crops up in situations when encryption keys used to scramble messages have to be reissued and resent.
Mr Boelter found that, in certain circumstances, attackers can pose as the recipient of a message and force WhatsApp to reissue keys for scrambling information.
Sophisticated manipulation of this system would let attackers intercept and read messages, said Mr Boelter.
Zack Whittaker, security editor at ZDNet, said it was a “stupid and big bug” but played down its seriousness.
The problem was “limited” in its scope, he said, adding that it probably emerged because of “bad coding or a favour to good user experience”.
In its statement, WhatsApp said it had taken a design decision to implement the re-issuing of keys in this way to preserve millions of messages that would otherwise be lost.
Cryptographer Frederic Jacobs said anyone worried about falling victim to the bug could adjust security settings on the app to warn them if encryption keys were being changed.
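
The mechanism at issue is easier to see in a toy model than in prose. The block below is an added example for this page, not WhatsApp or Signal code: a sender holds messages that have not yet been acknowledged, then receives a new key for the recipient. Under the page's described behaviour the sender silently re-encrypts the queued messages to the new key and resends them; under the setting Jacobs refers to, delivery pauses and the user is warned until the new fingerprint is verified. The stream cipher is a hash-based toy for illustration only, and the attacker is assumed able to register a new key for the recipient's number, the precondition the research describes.

```python
"""Toy model of the key-change handling Boelter described. Added example,
not WhatsApp or Signal code. The cipher is a SHA-256 keystream toy, not a
real cipher; the attacker is assumed able to register a new key for the
recipient (the precondition the research describes)."""

import hashlib
import os


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream: SHA-256(key || nonce || counter) blocks. Illustration only.
    out = b""
    i = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


def toy_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


class Sender:
    """Holds the peer's current key and any messages not yet acknowledged."""

    AUTO_REKEY = "auto_rekey"          # re-encrypt undelivered mail to a new key silently
    BLOCK_AND_WARN = "block_and_warn"  # hold mail, warn, wait for user verification

    def __init__(self, policy: str):
        self.policy = policy
        self.key_id = None
        self.key = None
        self.undelivered = []  # plaintexts with no delivery receipt yet
        self.wire = []         # (key_id, nonce, ciphertext) handed to the transport
        self.warnings = []
        self.pending = None    # (key_id, key) awaiting user verification

    def set_peer_key(self, key_id: str, key: bytes) -> None:
        self.key_id, self.key = key_id, key

    def _transmit(self, msg: bytes) -> None:
        nonce = os.urandom(8)
        self.wire.append((self.key_id, nonce, toy_crypt(self.key, nonce, msg)))

    def send(self, msg: bytes) -> None:
        self.undelivered.append(msg)
        self._transmit(msg)

    def ack(self, msg: bytes) -> None:
        self.undelivered.remove(msg)

    def on_key_change(self, key_id: str, key: bytes) -> None:
        if self.policy == self.AUTO_REKEY:
            self.set_peer_key(key_id, key)
            for msg in self.undelivered:  # the behaviour the research flagged
                self._transmit(msg)
        else:
            self.pending = (key_id, key)
            self.warnings.append(f"peer key changed to {key_id}; delivery paused until verified")

    def user_verified_fingerprint(self) -> None:
        # Only called after the user has compared fingerprints out of band.
        if self.pending:
            self.set_peer_key(*self.pending)
            self.pending = None
            for msg in self.undelivered:
                self._transmit(msg)


def run_scenario(policy: str) -> dict:
    """Constructed scenario: recipient offline with two messages queued, then
    a key change arrives that the attacker, not the recipient, controls."""
    recipient_key, attacker_key = os.urandom(32), os.urandom(32)
    s = Sender(policy)
    s.set_peer_key("k1", recipient_key)
    s.send(b"meet at 9")
    s.send(b"bring the docs")  # neither message is acknowledged
    s.on_key_change("k2", attacker_key)
    leaked = [toy_crypt(attacker_key, nonce, ct)
              for key_id, nonce, ct in s.wire if key_id == "k2"]
    return {"leaked": leaked, "warned": bool(s.warnings), "on_wire": len(s.wire)}


if __name__ == "__main__":
    print(run_scenario(Sender.AUTO_REKEY))      # both plaintexts readable under k2
    print(run_scenario(Sender.BLOCK_AND_WARN))  # nothing leaked, one warning
```

The point of the model is that nothing is broken cryptographically in either policy; the difference is purely who decides that a new key is trusted, the client automatically or the user after verification.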

10 Days of DDoS: an Actor’s “Working” Hours

Threat actors working on a schedule similar to that of legitimate businesses recently launched large distributed denial of service (DDoS) attacks for ten days in a row, CloudFlare researchers warn.

Starting on Nov. 23 and running through Dec. 2, the actor behind a DDoS-capable tool has been launching large-scale attacks for roughly eight hours each day, seemingly during specific working hours. CloudFlare, which observed and mitigated several of the attacks, says that the actor started work at around 18:00 UTC (13:00 EST) each day and ended shift eight hours later, at around 02:00 UTC (21:00 EST).

Day after day, with only slight variations of half an hour or so, the actor would employ this pattern when launching DDoS attacks, as if they “‘worked’ a day and then went home,” CloudFlare says. On the last day, the attacks continued for 24 hours straight, either because the attacker no longer took the night off, or because multiple operators worked in shifts to keep the floods going.

The attacks, the security researchers say, were quite large: they peaked at 172Mpps (Million packets per second) and 400Gbps (Gigabits per second) on the first day, but went over 200Mpps and 480Gbps on the third day.

“And the attacker just kept this up day after day. Right through Thanksgiving, Black Friday, Cyber Monday and into this week. Night after night attacks were peaking at 400Gbps and hitting 320Gbps for hours on end,” CloudFlare’s John Graham-Cumming reveals.

One of the most interesting aspects of these attacks is that they are not launched by the famous Internet of Things (IoT) botnet Mirai, but by a different tool, CloudFlare reveals. The attacker is sending very large L3/L4 floods aimed at the TCP protocol, a technique different from what Mirai uses.

The security researchers also note that the attacks they witnessed were highly concentrated in a small number of locations, mostly on the United States west coast. This is not much of a surprise, given that DDoS bots have long abused cloud services offered by Amazon and other companies.

What this incident also reveals is how trivial it has become for a DDoS actor to launch attacks peaking above the 400Gbps mark. In fact, as Akamai’s Q3 State of the Internet report reveals (PDF), the number of attacks over 100Gbps went up 138% in the third quarter of this year compared to the same period in 2015, while DDoS attacks registered an overall increase of 71% since Q3 2015.

Credit card with a digital display that randomly generates a security code is being launched

A credit card with a digital display that randomly generates a security code is being launched as a way of combating fraud.
Oberthur Technologies is currently in discussions with UK banks about rolling out the technology and will have cards “in the hands” of consumers in France by the end of the year.
Credit card fraud costs banks millions of pounds each year.
One expert said a different design for credit cards was overdue.
“In some ways, it’s surprising it has taken so long for this to appear,” Prof Alan Woodward, a cybersecurity expert from Surrey University, told the BBC.
The card provides an extra layer of security by replacing the static printed three-digit security code on the back of the card with a mini screen which displays a random code that changes automatically every hour.
It is powered by a thin lithium battery designed to last for three years.
“The technology has existed for some time so now it will be a case of persuading card processors that it is worth doing,” said Prof Woodward.
“It may be costly for card operators as some extra infrastructure will be required to ensure our cards stay synchronised with the operator, but it happens already for many banks with the dongles they issue for login.”
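
The synchronisation Prof Woodward compares to login dongles is the same one-time-password construction those dongles use. The block below is an added example for this page, not Oberthur's design: it assumes HMAC-SHA256 over a per-card secret and an hour counter, a three-digit code to match the printed one it replaces, and an issuer that also accepts the previous hour's code to absorb clock drift. Because three digits give only a thousand values and the drift window widens a guesser's odds, the issuer side also carries a per-card failed-attempt budget, which is likewise an assumption of the example.

```python
"""TOTP-style rotating security code. Added example, not Oberthur's design.
Assumptions: HMAC-SHA256 over a per-card secret and an hour counter, a
three-digit code, a one-step drift allowance and a per-card attempt budget."""

import hashlib
import hmac
import struct

STEP_SECONDS = 3600  # the article's card refreshes hourly
DIGITS = 3           # same width as the printed code it replaces


def hour_counter(unix_time: int) -> int:
    """Which hourly step a given Unix time falls in."""
    return unix_time // STEP_SECONDS


def dynamic_code(secret: bytes, counter: int) -> str:
    """Card side: the code displayed for one step."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation, applied to SHA-256
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"


def issuer_verify(secret: bytes, presented: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Issuer side: accept the code for the current step or up to drift_steps
    earlier ones, so a card clock running slightly slow still works.
    The comparison is constant-time."""
    if len(presented) != DIGITS or not presented.isdigit():
        return False
    now = hour_counter(unix_time)
    return any(
        hmac.compare_digest(dynamic_code(secret, c), presented)
        for c in range(now, now - drift_steps - 1, -1)
    )


class IssuerVerifier:
    """issuer_verify plus a failed-attempt budget per card: with only 1000
    possible codes, unlimited online guessing would defeat the rotation."""

    def __init__(self, secret: bytes, max_failures: int = 3):
        self.secret = secret
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def verify(self, presented: str, unix_time: int) -> bool:
        if self.locked:
            return False
        ok = issuer_verify(self.secret, presented, unix_time)
        if ok:
            self.failures = 0
        else:
            self.failures += 1
            if self.failures >= self.max_failures:
                self.locked = True  # card needs issuer intervention to unlock
        return ok


if __name__ == "__main__":
    secret = bytes(range(32))  # constructed per-card secret
    t = 1_600_000_000
    for k in range(3):
        print(f"hour {k}: {dynamic_code(secret, hour_counter(t) + k)}")
```

The stolen-card argument Emm makes follows directly: a code read off the card at hour h is accepted through hour h+1 under this drift allowance and rejected after that, which is the "window of opportunity" the rotation shrinks, not closes.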
One drawback of the card is that customers will no longer be able to memorise their security code and will need to check the card every time they want to make an online purchase.
French banks Societe Generale and Groupe BPCE are preparing to roll the cards out to customers, following a pilot scheme last year and there are also pilot schemes in Mexico and Poland.
According to the UK’s Financial Fraud Action, credit card fraud in the UK totalled £755m in 2015 and the Office for National Statistics said that there were 20,255 victims.
There are several ways that fraudsters get hold of credit card details – from the online theft of data to skimmers that are attached to cash machines.
Skimmers – often homemade devices – that are attached to a cash machine can steal information from the card’s magnetic strip, and capture the PIN with the help of a fake ATM PIN pad or web camera.
Over time, the design has become more sophisticated with the advent of so-called shimmers, which are able to gather information from the card’s chip. Scammers are also now able to inject malware directly into cash machines.
In response, banks are working on new authentication solutions, based on biometrics – regarded as a more secure way to identify customers.
But a recent study from security firm Kaspersky Labs suggests that cybercriminals are already planning to exploit these new technologies.
It found at least 12 sellers offering skimmers capable of stealing victims’ fingerprints. Other underground sellers are already researching devices that could obtain data from palm, vein and iris recognition systems.
David Emm, principal security researcher at Kaspersky, said the Motion Code card would “reduce the window of opportunity” for a thief with a stolen card but added it would be a stronger proposition if the security code was generated on “another device”.
“Banks should consider applying a multitude of cybersecurity solutions to minimise unauthorised access to such information,” he said.
“Consumers must also be aware of their digital footprint, installing security updates promptly, using strong and unique passwords, applying caution when using public wi-fi networks and not revealing too much information about ourselves online.”

Many Yahoo users rushed on Friday to close their accounts and change passwords

Many Yahoo users rushed on Friday to close their accounts and change passwords as experts warned that the fallout from one of the largest cyber breaches in history could spill beyond the internet company’s services.

After Yahoo disclosed on Thursday that hackers had stolen the encrypted passwords and personal details of more than 500 million accounts in 2014, thousands of users took to social media to express anger that it had taken the company two years to uncover the data breach.

Several users said they were closing their accounts.

“We’re probably just going to dump Yahoo altogether,” said Rick Hollister, 56, who owns a private investigation firm in Tallahassee, Florida. “They should have been more on top of this.”

Due to the scale of the Yahoo breach, and because users often recycle passwords and security answers across multiple services, cyber security experts warned the impact of the hack could reverberate throughout the internet.

Several users said they were scrambling to change log-in information, not just for Yahoo but for multiple internet accounts with the same passwords. Accounts at banks, retailers and elsewhere could be vulnerable.

“I suppose a hacker could make the connection between my Yahoo and Gmail,” said Scott Braun, 47, who created a Yahoo email when he was setting up a shop on online retailer Etsy. “They both use my first and last name. Not being a hacker, I don’t know what their capabilities are.”

That concern was echoed in Washington. “The seriousness of this breach at Yahoo is huge,” Democratic Senator Mark Warner said Thursday. The company plans to brief Warner next week about the attack, his office said.

Yahoo has said that it believes that the breach was perpetrated by a state-sponsored actor.

SY Lee, a former Department of Homeland Security spokesman, said that would be of particular concern to the intelligence community, given the interest state-sponsored hackers have in compromising employees with security clearances.

The FBI had not issued specific guidance to its employees on handling their personal Yahoo accounts, a spokeswoman said.

British companies BT Group (BT.L) and Sky Plc (SKYB.L), which use Yahoo to host email for some of their broadband customers, said they were communicating with their users.

Yahoo urged users to change their passwords and security questions, but some said it would be easier just to give up their accounts because they rarely use them.

The company has been losing users, traffic and ad revenue in recent years and over the summer agreed to sell its core business for $4.8 billion to Verizon (VZ.N).

Rachel, a 33-year-old from Newcastle, England, who asked Reuters not to use her last name, said she would be shutting down the Yahoo account she opened in 1999.

Furious that the company had not protected its customers’ data better, she said she thought this could be yet another blow for the email service, which has been overtaken in popularity by Google’s Gmail over the last decade.

But Cody Littlewood, who owns a start-up incubator in Miami Beach, was one of several users who said it was precisely because of the decline in the use of Yahoo’s services that they were not worried about the hack.

“Yahoo is only relevant for fantasy football. Worst case scenario, they get into my account and drop Jamaal Charles,” he said, a reference to the star Kansas City running back who regularly tops fantasy football rankings.

(Additional reporting by Dustin Volz; Editing by Cynthia Osterman)

Attack-for-Hire Teens Collared in Israel

At the request of the FBI, Israeli authorities last week arrested Itay Huri and Yarden Bidani, both 18 years old, for operating vDOS, a DDoS-for-hire service that raked in more than half a million dollars in two years.

DDoS attacks flood websites with garbage data in order to disrupt their operation and deny users access.

The pair were questioned and released after posting bond of about US$10,000 each, according to TheMarker, an Israeli news site. In addition, the duo’s passports were seized, they were placed under house arrest for 10 days, and they were barred from using the Internet or any telecommunications equipment for 30 days.

The arrests occurred at around the same time that Krebs on Security published a report on vDOS.

vDOS revenues for the past two years exceeded $600,000, and the service launched more than 150,000 DDoS attacks on behalf of its customers, Krebs reported.

Growing Trend

Although malpreneurs have been offering for-hire services for a while, they have begun emerging from the dark corners of the Internet.

“It’s just becoming more mainstream,” said Ram Mohan, chief technology officer at Afilias.

“It used to be only accessible on the dark Web,” he told TechNewsWorld. “Now it’s becoming accessible on the open Web as well.”

“As a Service” offerings have become popular in the business world because they’re easy to use, and the same is true of the malicious offerings, noted Slawek Ligier, vice president of engineering for security at Barracuda Networks.

“You’re being provided with your entire infrastructure — not just a software tool,” he told TechNewsWorld.

Dollars and Cents

The benefits that are attracting businesses to the cloud also are attracting attackers to as a Service offerings.

“You have no setup costs and you have instant service,” Afilias’ Mohan explained. “You define a time period and target, transfer your money, and off you go. You don’t have to get your hands dirty while you try to take down your opponent.”

For many online criminals, the use of as a Service offerings is a simple matter of dollars and cents, noted Josh Shaul, vice president of product management for security at Akamai.

“You get better return by using these services than you do by trying to build the skills yourself, and build your own tools and use them,” he told TechNewsWorld.

Pricing strategies for criminal services follow their legitimate counterparts, Mohan added. Discounts are offered if multiple packages are purchased — or if you buy the DDoS and spam bundle, you can get a lower rate.

Minimal Impact

After Huri and Bidani were arrested, vDOS went dark, Krebs reported.

If it stays offline, it probably won’t have much impact on the DDoS trade other than possibly influencing those selling the service to be more cautious.

“The next set of people that offer a similar set of services will be circumspect,” Afilias’ Mohan said, “but as long as this service is made available at a very low cost of entry, we can expect to see more of such services being offered — not less.”

Although the arrests of the Israeli youths may take one big player off the board, there are many more out there, noted Barracuda’s Ligier.

“It can be difficult to prosecute these people, especially if they’re in countries that are harder to reach than Israel is,” he said.

“If history is any guide, I think there’s already someone who’s stepped in to fill their shoes,” suggested Akamai’s Shaul. “You’ll have another vDOS service up in a week that’s offering the same service run by different people.”

FairWare Hackers May Take Ransoms, Keep Stolen Files

The latest ransomware intrusion that targets Linux servers, dubbed “FairWare,” may be a classic server hack designed to bilk money from victims with no intent to return stolen files after payment in bitcoins is made.

Tech support site Bleeping Computer earlier this week reported the threat, based on server administrator comments on its forum. Other reports followed.

The attack targets a Linux server, deletes the Web folder, and then demands a ransom payment of two bitcoins for return of the stolen files, according to BleepingComputer owner Lawrence Abrams.

The attackers apparently do not encrypt the files but may upload them to a server under their control, he noted.

Ransomware or Hack?

Victims first learned about FairWare when they discovered their websites were down. When they logged onto their Linux servers, they discovered that the website folder had been removed. Victims found a note called READ_ME.txt left in the /root/ folder, according to accounts on the forum.

The note contains a link to a further ransom note on pastebin. The link connects to a note telling victims how to obtain their files.

The ransom note on pastebin directs victims to pay two bitcoins to the bitcoin address 1DggzWksE2Y6DUX5GcNvHHCCDUGPde8WNL within two weeks. After paying up, victims were to send an email to fairware@sigaint.org with the server IP address and BTC transaction ID.

The hackers then would provide the victims with access to their files and delete them from the hacker server.

“I am not sure this attack qualifies as ransomware,” observed Chenxi Wang, CSO at Twistlock.

“Even though a ransom demand was made, there is no evidence of an actual malware that infected a vulnerability on the host,” she told LinuxInsider. “This is really more of a classic hack as opposed to a malware-based attack.”

Stern Warning

The FairWare attackers apparently tried to encourage victims to cooperate with their payment demands by including in their directions a link to FBI advice that victims should “just pay the ransom” if no other option existed and they needed access to their encrypted data.

The attackers also invited victims to email questions but warned against testing them with “stupid questions or time wasters,” according to the transcript of the note published on Bleeping Computers.

“Questions such as: ‘can i see files first?’ will be ignored. We are business people and treat customers well if you follow what we ask,” the note says.

Sketchy Details

Not much is known about FairWare — either how it spreads or what methods it employs to hack into servers. That makes it difficult to issue definitive advice on protecting against it.

“At this point, it appears that FairWare is being spread via a WordPress vulnerability, although other vectors are not out of the question,” Core Security System Engineer Bobby Kuzma told LinuxInsider.

The details about the server hacks are still sketchy, Twistlock’s Wang agreed. It appears to be a brute-force attack on SSH (Secure SHell).

“The only way to prevent that is to increase your SSH key length. If you are using 2,048-bit keys, you should consider upgrading to 8,192,” she said.
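
If SSH brute force is the suspected vector, the first thing a server administrator can do is look for it in the authentication log. The block below is an added example for this page, not from the article or the quoted vendors: it parses sshd lines in the OpenSSH auth.log format, flags a source after a burst of failed passwords inside a short window, and separately flags a password login from a source that had already been flagged, which is the moment a guess succeeded. The log lines are constructed, with documentation-range addresses, and the syslog year is assumed since the stamps carry none.

```python
"""Brute-force detection over sshd log lines. Added example, not from the
article or the quoted vendors; the auth.log lines below are constructed in
the OpenSSH format with documentation-range addresses."""

import re
from collections import defaultdict
from datetime import datetime, timedelta

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>password|publickey) for (?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_ts(stamp: str, year: int = 2016) -> datetime:
    # syslog stamps carry no year; the caller supplies it (assumed 2016 here)
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def detect(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> dict:
    """Flag a source after `threshold` failed passwords inside `window`, and
    record any later password login from a flagged source: that login means
    a guess worked and the host should be treated as compromised."""
    recent = defaultdict(list)  # ip -> failure timestamps still inside the window
    flagged = {}                # ip -> time it crossed the threshold
    logins_after_flag = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = parse_ts(m["ts"])
            q = recent[m["ip"]]
            q.append(ts)
            while q and ts - q[0] > window:  # slide the window forward
                q.pop(0)
            if len(q) >= threshold and m["ip"] not in flagged:
                flagged[m["ip"]] = ts
            continue
        m = ACCEPTED.search(line)
        if m and m["method"] == "password" and m["ip"] in flagged:
            logins_after_flag.append((m["ip"], m["user"]))
    return {
        "brute_force_sources": sorted(flagged),
        "password_logins_after_flag": logins_after_flag,
    }


# Constructed auth.log excerpt: one guessing source that eventually gets in,
# one legitimate user who mistypes once and then logs in with a key.
SAMPLE_LOG = """\
Aug 29 10:01:01 web1 sshd[2210]: Failed password for root from 203.0.113.7 port 51234 ssh2
Aug 29 10:01:03 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51236 ssh2
Aug 29 10:01:05 web1 sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Aug 29 10:01:07 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51242 ssh2
Aug 29 10:01:09 web1 sshd[2214]: Failed password for root from 203.0.113.7 port 51244 ssh2
Aug 29 10:01:12 web1 sshd[2215]: Accepted password for root from 203.0.113.7 port 51250 ssh2
Aug 29 10:05:00 web1 sshd[2300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Aug 29 10:06:30 web1 sshd[2301]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
""".splitlines()


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Password guessing is independent of key length; what it depends on is whether password logins are accepted at all. The configuration check that goes with this detection is `PasswordAuthentication no` in `sshd_config` (key-only logins), with a rate limit in front of port 22 for the noise that remains.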

The sketchy details contribute to the notion that the “ransomware” label in this case is not accurate, said Chris Roberts, chief security architect at Acalvio.

“There’s a lot of talk on both the surface Web and on some of the DarkNet forums that it is nothing more than a scam that has been set up by a team with the hopes of gathering funds,” he told LinuxInsider.

No-Pay Strategy Supported

It appears that no money has been deposited into the digital wallet specified for ransom payments. It is possible that data has been taken, however, and it is also possible that the attackers will release it, Roberts said.

“As an aside, I do love the fact the ransomware chaps quoted the FBI in their letter. It’s awesome to basically cut that argument off at the pass: Standard user/company ‘the FBI will solve it’ has just been nixed,” he added.

Ransomware is a growing concern to enterprises on all levels.

“It’s important to first note that when dealing with ransomware, businesses should never pay the ransom,” said Omer Bitton, vice president for research at enSilo.

“Paying up motivates the threat actors to continue with the practice. Our advice: Stay vigilant for cyberthreats. Back up your data regularly. Share information on cyberattacks and best practices, and deploy technologies that can proactively protect against ransomware,” he told LinuxInsider.

“The costs of good backups are far less than paying a ransom,” Core Security’s Kuzma pointed out.

Who Is at Risk?

At this point, it looks like workstations, laptops and desktops are unaffected by FairWare. That might not be the case for computers that host a publicly accessible WordPress site, however, said Kuzma.

“This is interesting ransomware, since it appears to back up copies of the data offsite, then wipes it from the victim’s system — unlike the normal modus operandi of ransomware, which is to encrypt the data in place,” he said.

Likely targets appear to be Web hosters with websites on Linux systems, said Greg Scott, owner of Infrasupport Corporation.

That makes him a potential victim, since he hosts the website for an IT security educational book he authored on a Red Hat Fedora virtual machine.

The book, Bullseye Breach, is disguised as an international thriller about how Russian mobsters penetrate a large U.S. retailer named “Bullseye Stores” and steal millions of credit cards. In his fictional world, a few good guys come up with a way to fight back.

Potential attackers might want his book website to go offline — and in fact, somebody at a Russian IP Address did attack the site a few months ago, Scott said.

“I stopped it by blocking it at my firewall,” he said, noting that its only exposure to the Internet is incoming Web requests for that site.

Protection Tips

FairWare targets mostly websites that are hosted on Linux servers. Unlike other ransomware, it usually deletes the website content from the server instead of encrypting the files, which can be less problematic, according to Idan Levin, CTO of Hexadite.

“Most companies have a backup of their websites, so in most cases the victim can easily recover the website files if he was able to clean the ransomware from the server,” he told LinuxInsider. “Linux desktops will probably not be affected by this ransomware since they are not running any website servers.”

Keeping the servers current with software upgrades and security patches is critical. Although the FairWare infection methods remain a mystery, Levin suspects the attacker exploits server side vulnerabilities such as Shellshock or Heartbleed.

“So I would suggest that people make sure their websites software is up to date and that they have an updated backup of their files,” he said.

Placing an orchestration and automation solution into play also would be advisable, Levin added. That would make it possible to stop the ransomware in seconds, before any major damage could be done.

Mozilla Releases Tool for Site Owners to Assess Website Security

The majority of site owners are not doing nearly enough to secure their websites, as over 90 percent of the 1.4 million sites scanned by the new security assessment tool launched by Mozilla received a failing grade. Mozilla recently released Observatory, which it had developed and used internally, for site owners to scan and assess their implementation of a range of security technologies.

So far 1.3 out of 1.4 million sites scanned, including some of the most popular sites in the world, are not leveraging modern security advances, according to a blog post by the tool’s developer.

Mozilla Senior Information Security Engineer April King was inspired by the success that SSL Labs has had gamifying the server configuration improvement process, and resolved to do the same to motivate adoption of existing security technologies.

Observatory scans sites for security measures like HTTPS, public key pinning, and cross-site scripting protection, and grades them from A+ to F. It also provides links to documentation to help site developers and administrators figure out what they are doing wrong. Mozilla’s internal scans showed that its own sites were not well protected, so the results so far are hardly surprising.

“The Observatory performs a multitude of checks across roughly a dozen tests,” said Mozilla Senior Information Security Engineer April King in the post. “You may not have heard of many of them, and that’s because their documentation is spread across thousands of articles, hundreds of websites, and dozens of specifications. In fact, despite some of these standards being old enough to have children, their usage rate amongst the internet’s million most popular websites ranges from 30% for HTTPS all the way down to a depressingly low .005% for Content Security Policy.”
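
The standards King lists are all visible in a site's response headers, which is what a tool like Observatory reads. The block below is an added example for this page, not Mozilla's scanner: its checks, pass/fail weighting and letter scale are this example's own (Observatory's real rules and its A+ to F scale live in the tool itself). It scores two constructed header sets, a typical failing site served over plain HTTP and the same site after hardening, and shows why a Content Security Policy that still allows inline scripts does not count as cross-site scripting protection.

```python
"""A small response-header checker in the spirit of Observatory. Added
example for this page; the checks, weighting and grades are this
example's own, not Mozilla's scoring. The header sets are constructed."""

HSTS_MIN_AGE = 15552000  # six months in seconds, a common floor for HSTS max-age


def _max_age(hsts: str) -> int:
    for part in hsts.split(";"):
        part = part.strip().lower()
        if part.startswith("max-age="):
            try:
                return int(part.split("=", 1)[1])
            except ValueError:
                return 0
    return 0


def _csp_directives(csp: str) -> dict:
    out = {}
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def check_headers(scheme: str, headers: dict) -> dict:
    """Return {check: (passed, note)} for one response."""
    h = {k.lower(): v for k, v in headers.items()}
    csp = _csp_directives(h.get("content-security-policy", ""))
    script_src = csp.get("script-src", csp.get("default-src"))
    cookies = h.get("set-cookie", [])
    if isinstance(cookies, str):
        cookies = [cookies]
    max_age = _max_age(h.get("strict-transport-security", ""))
    xfo = h.get("x-frame-options", "").strip().lower()
    return {
        "https": (scheme == "https", "served over HTTPS"),
        # HSTS only means something on HTTPS and with a long max-age
        "hsts": (scheme == "https" and max_age >= HSTS_MIN_AGE, f"max-age={max_age}"),
        # a CSP that still allows inline or wildcard script sources does little against XSS
        "csp": (script_src is not None and "'unsafe-inline'" not in script_src
                and "*" not in script_src, f"script-src={script_src}"),
        "nosniff": (h.get("x-content-type-options", "").lower() == "nosniff",
                    "X-Content-Type-Options"),
        "framing": (xfo in ("deny", "sameorigin") or "frame-ancestors" in csp,
                    "clickjacking control"),
        # no cookies at all is fine; every cookie present must be Secure and HttpOnly
        "cookies": (all("secure" in c.lower() and "httponly" in c.lower() for c in cookies),
                    f"{len(cookies)} cookie(s)"),
    }


def grade(results: dict) -> str:
    """Letter grade from the share of checks passed (this example's scale)."""
    score = 100 * sum(1 for ok, _ in results.values() if ok) // len(results)
    for cutoff, letter in ((90, "A"), (75, "B"), (60, "C"), (45, "D")):
        if score >= cutoff:
            return letter
    return "F"


# Constructed header sets: before and after hardening.
WEAK_HEADERS = {
    "Content-Type": "text/html",
    "Set-Cookie": "session=abc123; Path=/",
}
HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.net; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Set-Cookie": "session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
}


if __name__ == "__main__":
    for scheme, hdrs in (("http", WEAK_HEADERS), ("https", HARDENED_HEADERS)):
        r = check_headers(scheme, hdrs)
        print(grade(r), {name: ok for name, (ok, _) in r.items()})
```

Against real sites the header dict would come from an HTTP client; the checks themselves are the same, and the CSP one is the reason a site can carry the header yet still fail, which matches King's remark about how little of the web deploys it usefully.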

Mozilla is also offering an API and command-line tools for administrators and developers seeking to integrate it into their process.

King points out that Observatory does not assess the security needs of a site, only its practices, so a personal blog scoring a middling grade may be perfectly adequate. A middling grade would, however, represent a major improvement in security for most sites.

Adoption of encryption by organizations in regulated industries has increased substantially, according to a recent report by Thales, and the confidence companies have in their security is improving, but there is clearly a lot of work to do. Hosting providers have an opportunity to help their customers secure their sites easily and quickly with a wide range of tools, including those by SiteLock or CodeGuard.