People in various communities, with and without technical skills, are concerned about hackers. Most of that talk comes from the general population, who do not actually understand much about cyber security. The saying goes that ignorance is bliss, but it can also be a burden: not knowing, yet being very concerned, with limited ability to attack the problem or the concern.
Just recently, there were yet another two hacks that I became aware of and assisted with, using the knowledge I have.
Case 1: Facebook Scam
The first case was a Facebook scam, where an ordinary user account was hijacked and used to post messages that lured people into making online purchases of products with massive discounts. In reality, it seems the products may or may not be shipped, and if something was shipped, it was simply a fake product. Interestingly enough, these posts appeared on the timeline without the user herself knowing, until other people notified her that this was happening. So we spent a good deal of time cleaning the timeline and untagging people from those malicious posts. We checked devices for malware, removed apps, and of course changed passwords. Yet the thing came back: we saw logins to the account from all over the world, which points to a botnet, harnessing the power of a large array of hijacked computers working for the hackers. As of today, we do not have detailed knowledge of how the hackers got into the Facebook account, but we suspect that the same passwords, both the old one and the new one, were being used in other locations, and both of those locations have experienced data leakage. In other words, the other sites got hacked, the passwords leaked, and the same passwords also worked on the Facebook account, twice!
It was only after the third password change that the malicious posts and logins stopped.
Learning point #1: Never ever use the same password twice
Always use a fresh, unique password that is at least 20 characters/numbers long. This practice limits the use of a leaked password, and the damage caused by hackers, to a single site or system. The black hats will try your leaked passwords on every platform they can think of to get access to more of your assets and, in the worst case, to hijack your whole digital identity across properties on the internet.
Case 2: WordPress Site Got Hacked
The second case is about a WordPress site that got hacked. One of the first things we looked into was the availability of backups; unfortunately, the hack had happened several months back. Yes, apparently the site owner was not particularly up to date with her property. Luckily, it seems the damage was minimal: essentially, traffic was diverted from the original site to another one, pointing legitimate visitors to a malicious site. After spending time to understand the depth of the hack, we identified an outdated plugin on the site, and the plugin contained a vulnerability allowing remote code execution with admin rights. This basically allowed the hacker to mess with the site as she/he wanted. The end result of the hack was a non-working site and redirection to an undesired site. Luckily, we were able to clean the site and block similar attacks in the future.
Learning point #2: Keep your WordPress site plugins updated
Learning point #3: Have Working Backups
While looking out for software updates and vulnerabilities, do ensure that you have working backups. That means backups are being taken, they are available, and they can actually be restored when the worst happens. Rebuilding a site is a major task; even a small one is worth thousands of dollars and countless hours of creative work, which will never come out the same. When was the last time you checked that backup restoration actually works?
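One way to check the three conditions above (taken, available, restorable) as a script. This is an added example, not GRIT Online's own tooling; the archive layout (a .tar.gz holding wp-config.php, wp-content/ and db.sql) and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: test-restore check for a WordPress backup archive.
# Assumed (hypothetical) layout: .tar.gz with wp-config.php, wp-content/, db.sql.

# verify_backup ARCHIVE MAX_AGE_DAYS -> 0 ok, 1 missing, 2 stale, 3 corrupt, 4 bad restore
verify_backup() {
  local archive="$1" max_age_days="$2" restore_dir rc=0
  [ -f "$archive" ] || { echo "FAIL: no backup at $archive"; return 1; }

  # 1. Backups are being taken: the archive must not be stale.
  if [ -n "$(find "$archive" -mtime +"$max_age_days" -print)" ]; then
    echo "FAIL: backup is older than $max_age_days days"; return 2
  fi

  # 2. Backups are available: the archive must be readable end to end.
  tar -tzf "$archive" >/dev/null 2>&1 || { echo "FAIL: archive is corrupt"; return 3; }

  # 3. Backups can be restored: extract to a scratch directory and inspect it.
  restore_dir="$(mktemp -d)"
  tar -xzf "$archive" -C "$restore_dir" || rc=4
  [ -s "$restore_dir/wp-config.php" ] || { echo "FAIL: wp-config.php missing"; rc=4; }
  [ -d "$restore_dir/wp-content" ] || { echo "FAIL: wp-content/ missing"; rc=4; }
  # An empty dump extracts fine but brings back no content.
  grep -q 'CREATE TABLE' "$restore_dir/db.sql" 2>/dev/null ||
    { echo "FAIL: db.sql contains no tables"; rc=4; }
  rm -rf "$restore_dir"
  [ "$rc" -eq 0 ] && echo "OK: $archive restores cleanly"
  return "$rc"
}

# Constructed sample data so the check can be tried offline.
# make_sample_backup OUT.tar.gz [with_db|empty_db]
make_sample_backup() {
  local out="$1" src
  src="$(mktemp -d)"
  mkdir -p "$src/wp-content/uploads"
  echo '<?php // constructed sample config' > "$src/wp-config.php"
  if [ "${2:-with_db}" = "with_db" ]; then
    echo 'CREATE TABLE wp_posts (ID bigint);' > "$src/db.sql"
  else
    : > "$src/db.sql"
  fi
  tar -czf "$out" -C "$src" . && rm -rf "$src"
}
```

Run it on a schedule against the newest archive and alert on any non-zero exit code.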
At GRIT Online we help our clients, and even beyond, to secure their bases with the resources available.
Keep learning and stay safe!