Thousands compromised as hackers target schools, banks

Powered by SC Magazine
 

Attackers gain foothold in corporate networks.

More than 32,000 individuals and 4000 US organisations have potentially been compromised as part of a new malware campaign that targets local institutions like community halls, shopping centres and schools.

The compromised hosts belonged to government, technology and defence industry staff who RSA said were targeted in a single attack by criminals wanting to get inside the companies' networks.

The attackers hoped hijacked machines would be taken back inside the corporate network where the malware would infect more machines and steal data.

Attackers had infected the websites of banks and even schools near the residential areas where employees likely lived.

These sites served as community hubs and were likely to be visited by many of the targeted individuals, RSA chief information security officer Eddie Schwartz told SC.

The security firm dubbed the sites "watering holes" in recognition of their ability to draw crowds, and as a hunting ground for predators.

Initial reports from RSA's server logs reported most victims were located in Massachuttes and Washington DC.

However, Schwartz said the attacks were happening elsewhere including Asia.

"These [victims] are your school web sites and banks -— any organisation within certain geographic locations," Schwartz said.

"I bet any money it's happening in Australia."

Victim websites would be loaded with a JavaScript that redirected users to other sites which hosted exploit kits.

Those exploit sites would check that a victim was running both Windows and a vulnerable version of Internet Explorer before an instance of the Gh0st remote access tool was installed.

That tool granted attackers a host of functions including the ability to install malware and grab data.

RSA researchers are drafting a paper expected to be released in coming weeks that details more information on the attacks.

Copyright © SC Magazine, Australia


Thousands compromised as hackers target schools, banks
Tags
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1031

Vote