There are many reasons why people start hacking. Some do it for the thrill; others do it as a learning experience. Some do it for money.
There are many different ways hackers might profit from their trade. Hackers can sell their services to people willing to pay for their hacking skills on underground websites. Others hack in order to acquire credit card numbers, which they subsequently sell or use themselves. Then there are those hackers who try to get access to as many servers as possible and then sell them as a resource for botnets, spamming runs or other activities that require ample processing power and bandwidth.
However, not all hackers are evil. Some will let organizations know when they manage to compromise a server, telling the administrators how they managed to gain access and offering their services for a fee. This kind of ethical behaviour doesn’t always translate into profit, since organizations are left free to seek counsel elsewhere, so it’s not surprising that in some cases hackers don’t play nice and make sure their victims pay up or else face the consequences. The most effective way for hackers to secure a payment from a targeted company is through ransoms.
Ransoms in the IT industry aren’t new. There have been many instances of malware designed to encrypt data, leaving you with no choice but to pay your attackers for the key. This form of attack has now evolved and has been taken to the next level.
Info Security Magazine reports on how a group of hackers got access to scripts used by one organization. They modified these scripts, so the data stored and retrieved from the backend database was encrypted and decrypted using a key stored remotely. Subsequently they left everything running as normal for six whole months before they made themselves known.
If the hackers had encrypted the database the moment they gained access to it, it is very likely their ransom demand would have been unsuccessful. Nowadays, people are much more security conscious, and any organization dealing with critical data is likely to have a backup process in place. Why would a company pay a ransom when all it has to do is execute its disaster recovery plan? The hackers know this, and by allowing their hack to run for a few months they knew there was a good chance of the backups ending up overwritten with encrypted data, making them useless.
This story illustrates a weakness many security policies have. It is quite common for companies to deploy scripts, but more often than not these are then completely left to their own devices until, if ever, they require any changes. When scripts aren’t periodically checked to see whether they have been modified, the chances of incurring a number of security risks increase drastically.
I’m not just talking about hackers gaining access to and modifying your scripts for ransomware. Other risks, such as the ability to siphon off data, disgruntled employees planting logic bombs, or employees changing a script so that confidential data is sent to them once they leave the company, are all risks associated with not monitoring scripts for unauthorized changes.
For an organization, these risks can become very costly as such scripts might be processing client credit card details or other confidential data. Don’t forget that while an SSL connection provides secure encrypted communication between the client and your server, the script itself has access to that data in plain text form.
The fallout from such vulnerabilities can have ripple effects, and losing your data will become the least of your worries. Avoiding such scenarios doesn’t take much effort, especially considering the headaches it can spare. A simple script checking the checksums of such critical files, together with a good security policy providing some degree of separation between whoever can change the scripts and whoever is checking the scripts, is really all it takes to mitigate this kind of risk.
Certain things should not be taken for granted. Making sure the scripts we deploy on our live servers are safe is but the first step. Keeping vigilant and making sure they stay that way will greatly reduce the chances of your company being held to ransom, literally.
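The checksum check and the separation of duties described above, as an added example that is not code from the original article: a SHA-256 baseline of the deployed scripts is recorded and signed with an HMAC key that is assumed to be held only by the person doing the checking, so that someone with write access to the scripts cannot simply regenerate the baseline to match their changes. The file names, the key and the "tampering" in `demo()` are all constructed for the example.

```python
"""File-integrity check for deployed scripts: record a SHA-256 baseline,
sign it with a key held only by the reviewing role, and verify it later.
Added example; file names and key below are constructed, not real."""
import hashlib
import hmac
import json
import os
import tempfile

CHUNK = 65536


def sha256_of(path):
    """Hash a file in chunks so large scripts do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths, key):
    """Return a signed baseline: JSON of {path: digest} plus an HMAC over it.
    The key is assumed to belong to the checker, not the deployer; without it
    a baseline rewritten to match modified files will fail verification."""
    digests = {p: sha256_of(p) for p in sorted(paths)}
    body = json.dumps(digests, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_baseline(baseline, key):
    """Check the baseline signature first, then compare every listed file.
    Returns a dict with 'baseline_ok', 'modified' and 'missing'."""
    body = baseline["body"].encode()
    expected_tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, baseline["tag"]):
        # A baseline that does not verify is itself a finding; do not trust it.
        return {"baseline_ok": False, "modified": [], "missing": []}
    modified, missing = [], []
    for path, digest in json.loads(body).items():
        if not os.path.exists(path):
            missing.append(path)
        elif not hmac.compare_digest(sha256_of(path), digest):
            modified.append(path)
    return {"baseline_ok": True, "modified": modified, "missing": missing}


def demo():
    """Constructed scenario: three 'deployed scripts' in a temp directory.
    After the baseline is taken one is altered and one removed, and a copy of
    the baseline is rewritten to show that the signature check catches it."""
    key = b"constructed-demo-key-not-for-real-use"
    with tempfile.TemporaryDirectory() as d:
        names = ["checkout.php", "db_access.php", "report.php"]  # constructed
        paths = []
        for n in names:
            p = os.path.join(d, n)
            with open(p, "w") as f:
                f.write("<?php // constructed sample script: %s ?>\n" % n)
            paths.append(p)
        baseline = build_baseline(paths, key)
        clean = verify_baseline(baseline, key)

        # Simulate an unauthorized change to the data-access script and a deletion.
        with open(paths[1], "a") as f:
            f.write("// constructed unauthorized change\n")
        os.remove(paths[2])
        after = verify_baseline(baseline, key)

        # Simulate someone regenerating the baseline to hide the change.
        forged = dict(baseline)
        forged["body"] = json.dumps({paths[1]: sha256_of(paths[1])})
        forged_result = verify_baseline(forged, key)

    return {
        "clean": (clean["modified"], clean["missing"]),
        "modified": [os.path.basename(p) for p in after["modified"]],
        "missing": [os.path.basename(p) for p in after["missing"]],
        "forged_baseline_detected": not forged_result["baseline_ok"],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the signed baseline and the key live off the web server (or on a host the deployers cannot write to), the check runs from a scheduled job under a separate account, and any `modified`, `missing` or `baseline_ok: False` result is raised with whoever approves script changes rather than silently fixed.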