Hi, 
Guest
Pic
Sign In

wasc-whid@lists.webappsec.org

WASC Web Hacking Incidents Database

View all threads

WHID 2011-89: China Implicated In Hacking Of SMB Online Bank Accounts

WW
WASC Web Hacking Incidents Database
Wed, Apr 27, 2011 1:04 PM

Entry Title: WHID 2011-89: China Implicated In Hacking Of SMB Online Bank
Accounts
WHID ID: 2011-89
Date Occurred: April 26, 2011
Attack Method: Banking Trojan
Application Weakness: Insufficient Authentication
Outcome: Monetary Loss
Attacked Entity Field: Finance
Attacked Entity Geography:
Incident Description: This time it wasn't an "advanced persistent threat"
that China was associated with: a fraud alert issued by the FBI today
implicates China in a cybercrime operation that bilked U.S.-based small- to
midsize businesses of $11 million over the past year.
Mass Attack: Yes
Number of Sites Affected: 20
Reference:
http://www.informationweek.com/news/security/vulnerabilities/229402300
Attack Source Geography: China
Additional Link:
http://www.ic3.gov/media/2011/ChinaWireTransferFraudAlert.pdf

Entry Title: WHID 2011-89: China Implicated In Hacking Of SMB Online Bank Accounts WHID ID: 2011-89 Date Occurred: April 26, 2011 Attack Method: Banking Trojan Application Weakness: Insufficient Authentication Outcome: Monetary Loss Attacked Entity Field: Finance Attacked Entity Geography: Incident Description: This time it wasn't an "advanced persistent threat" that China was associated with: a fraud alert issued by the FBI today implicates China in a cybercrime operation that bilked U.S.-based small- to midsize businesses of $11 million over the past year. Mass Attack: Yes Number of Sites Affected: 20 Reference: http://www.informationweek.com/news/security/vulnerabilities/229402300 Attack Source Geography: China Additional Link: http://www.ic3.gov/media/2011/ChinaWireTransferFraudAlert.pdf
WW
WASC Web Hacking Incidents Database
Wed, Apr 27, 2011 1:17 PM

Just wanted to send a quick note to the list to highlight some challenges we
face with regards to proper classification (Attack Method, Application
Weakness and Outcome) of incidents.  The DabbleDB we are using for tracking
WHID entries doesn't seem to be able to allow for multiple selections of
categories.  Well, technically it can, but the reporting on this data is
poor.  This is challenging due to the fact that many incidents have
components that fit into multiple areas.  For example, with regards to
Banking Trojans and the underlying Application Weakness, we have two
distinct attack scenarios -

  1. When a banking trojan steals a victim's login credentials and then the
    criminal uses that data to log into the application themselves to transfer
    funds.  In this scenario ­ I label the App Weakness as Insufficient
    Authentication as usually these sites are not using Two-Factor auth which
    allows a criminal to login with only username/password data stolen by the
    Banking Trojan.
  2. When a banking trojan passively waits for a victim to login and then
    submits a transfer request while piggy-backing on the existing transaction,
    however, then this seems that the App Weakness is more Insufficient Process
    Validation as the transfer request usually does not follow the proper
    process flow and should be identified by the banking app as suspicious.
    Anyways, I just wanted to point out this issue to you all.  I will continue
    to work on the DabbleDB schema to see if we can get multiple categories to
    be able to be assigned.

Cheers,
Ryan

From:  WASC Web Hacking Incidents Database wasc-whid@lists.webappsec.org
Reply-To:  wasc-whid@lists.webappsec.org
Date:  Wed, 27 Apr 2011 09:04:49 -0400
To:  wasc-whid@lists.webappsec.org
Subject:  [WASC-WHID] WHID 2011-89: China Implicated In Hacking Of SMB
Online Bank Accounts

Entry Title: WHID 2011-89: China Implicated In Hacking Of SMB Online Bank
Accounts
WHID ID: 2011-89
Date Occurred: April 26, 2011
Attack Method: Banking Trojan
Application Weakness: Insufficient Authentication
Outcome: Monetary Loss
Attacked Entity Field: Finance
Attacked Entity Geography:
Incident Description: This time it wasn't an "advanced persistent threat" that
China was associated with: a fraud alert issued by the FBI today implicates
China in a cybercrime operation that bilked U.S.-based small- to midsize
businesses of $11 million over the past year.
Mass Attack: Yes
Number of Sites Affected: 20
Reference:
http://www.informationweek.com/news/security/vulnerabilities/229402300
Attack Source Geography: China
Additional Link: http://www.ic3.gov/media/2011/ChinaWireTransferFraudAlert.pdf
_______________________________________________ The Web Hacking Incidents
Database Project http://projects.webappsec.org/Web-Hacking-Incident-Database
wasc-whid mailing list wasc-whid@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-whid_lists.webappsec.org

Just wanted to send a quick note to the list to highlight some challenges we face with regards to proper classification (Attack Method, Application Weakness and Outcome) of incidents. The DabbleDB we are using for tracking WHID entries doesn't seem to be able to allow for multiple selections of categories. Well, technically it can, but the reporting on this data is poor. This is challenging due to the fact that many incidents have components that fit into multiple areas. For example, with regards to Banking Trojans and the underlying Application Weakness, we have two distinct attack scenarios - 1. When a banking trojan steals a victim's login credentials and then the criminal uses that data to log into the application themselves to transfer funds. In this scenario ­ I label the App Weakness as Insufficient Authentication as usually these sites are not using Two-Factor auth which allows a criminal to login with only username/password data stolen by the Banking Trojan. 2. When a banking trojan passively waits for a victim to login and then submits a transfer request while piggy-backing on the existing transaction, however, then this seems that the App Weakness is more Insufficient Process Validation as the transfer request usually does not follow the proper process flow and should be identified by the banking app as suspicious. Anyways, I just wanted to point out this issue to you all. I will continue to work on the DabbleDB schema to see if we can get multiple categories to be able to be assigned. Cheers, Ryan From: WASC Web Hacking Incidents Database <wasc-whid@lists.webappsec.org> Reply-To: <wasc-whid@lists.webappsec.org> Date: Wed, 27 Apr 2011 09:04:49 -0400 To: <wasc-whid@lists.webappsec.org> Subject: [WASC-WHID] WHID 2011-89: China Implicated In Hacking Of SMB Online Bank Accounts > Entry Title: WHID 2011-89: China Implicated In Hacking Of SMB Online Bank > Accounts > WHID ID: 2011-89 > Date Occurred: April 26, 2011 > Attack Method: Banking Trojan > Application Weakness: Insufficient Authentication > Outcome: Monetary Loss > Attacked Entity Field: Finance > Attacked Entity Geography: > Incident Description: This time it wasn't an "advanced persistent threat" that > China was associated with: a fraud alert issued by the FBI today implicates > China in a cybercrime operation that bilked U.S.-based small- to midsize > businesses of $11 million over the past year. > Mass Attack: Yes > Number of Sites Affected: 20 > Reference: > http://www.informationweek.com/news/security/vulnerabilities/229402300 > Attack Source Geography: China > Additional Link: http://www.ic3.gov/media/2011/ChinaWireTransferFraudAlert.pdf > _______________________________________________ The Web Hacking Incidents > Database Project http://projects.webappsec.org/Web-Hacking-Incident-Database > wasc-whid mailing list wasc-whid@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/wasc-whid_lists.webappsec.org
WW
WASC Web Hacking Incidents Database
Mon, May 2, 2011 7:28 PM

WHID 2011-90: DSLReports says member information stolen

Entry Title: WHID 2011-90: DSLReports says member information stolen
WHID ID: 2011-90
Date Occurred: April 28, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: News
Attacked Entity Geography: USA
Incident Description: Subscribers to ISP news and review site DSLReports.com
have been notified that their e-mail addresses and passwords may have been
exposed during an attack on the Web site earlier this week.
The site was targeted in an SQL injection attack yesterday and about 8
percent of the subscribers' e-mail addresses and passwords were stolen,
Justin Beech, founder of DSLReports.com, wrote in an e-mail to members. That
would be about 8,000 random accounts of the 9,000 active and 90,000 old or
inactive accounts created during the site's 10-year history, Beech said in
an e-mail to CNET today.
Mass Attack: No
Reference: http://news.cnet.com/8301-27080_3-20058471-245.html
Attack Source Geography:

WHID 2011-90: DSLReports says member information stolen Entry Title: WHID 2011-90: DSLReports says member information stolen WHID ID: 2011-90 Date Occurred: April 28, 2011 Attack Method: SQL Injection Application Weakness: Improper Input Handling Outcome: Leakage of Information Attacked Entity Field: News Attacked Entity Geography: USA Incident Description: Subscribers to ISP news and review site DSLReports.com have been notified that their e-mail addresses and passwords may have been exposed during an attack on the Web site earlier this week. The site was targeted in an SQL injection attack yesterday and about 8 percent of the subscribers' e-mail addresses and passwords were stolen, Justin Beech, founder of DSLReports.com, wrote in an e-mail to members. That would be about 8,000 random accounts of the 9,000 active and 90,000 old or inactive accounts created during the site's 10-year history, Beech said in an e-mail to CNET today. Mass Attack: No Reference: http://news.cnet.com/8301-27080_3-20058471-245.html Attack Source Geography:
WW
WASC Web Hacking Incidents Database
Mon, May 2, 2011 7:29 PM

WHID 2011-91: Rabobank network floored by cyber attack

Entry Title: WHID 2011-91: Rabobank network floored by cyber attack
WHID ID: 2011-91
Date Occurred: May 2, 2011
Attack Method: Denial of Service
Application Weakness: Insufficient Anti-automation
Outcome: Downtime
Attacked Entity Field: Finance
Attacked Entity Geography: Netherlands
Incident Description: Internet and mobile banking at the Rabobank has been
badly hit by an attack on its computer network, the company reported on
Monday.
The denial of service attack, in which the target computer is saturated with
external communications requests, has made the network unavailable to its
customers.
Mass Attack: No
Reference:
http://www.dutchnews.nl/news/archives/2011/05/rabobank_network_floored_by_cy
.php
Attack Source Geography:

WHID 2011-91: Rabobank network floored by cyber attack Entry Title: WHID 2011-91: Rabobank network floored by cyber attack WHID ID: 2011-91 Date Occurred: May 2, 2011 Attack Method: Denial of Service Application Weakness: Insufficient Anti-automation Outcome: Downtime Attacked Entity Field: Finance Attacked Entity Geography: Netherlands Incident Description: Internet and mobile banking at the Rabobank has been badly hit by an attack on its computer network, the company reported on Monday. The denial of service attack, in which the target computer is saturated with external communications requests, has made the network unavailable to its customers. Mass Attack: No Reference: http://www.dutchnews.nl/news/archives/2011/05/rabobank_network_floored_by_cy .php Attack Source Geography:
WW
WASC Web Hacking Incidents Database
Mon, May 2, 2011 7:37 PM

WHID 2011-92: Anonymous attacks Iranian state websites

Entry Title: WHID 2011-92: Anonymous attacks Iranian state websites
WHID ID: 2011-92
Date Occurred: May 2, 2011
Attack Method: Denial of Service
Application Weakness: Insufficient Anti-automation
Outcome: Downtime
Attacked Entity Field: Government
Attacked Entity Geography: Iran
Incident Description: The infamous Anonymous hacking group has crippled a
string of Iranian state websites including those of the Office of the
Supreme Leader, state police and the Islamic Revolutionary Guards in attacks
launched yesterday.
Mass Attack: No
Reference:
http://www.securecomputing.net.au/News/256057,anonymous-attacks-iranian-stat
e-websites.aspx
Attack Source Geography:

WHID 2011-92: Anonymous attacks Iranian state websites Entry Title: WHID 2011-92: Anonymous attacks Iranian state websites WHID ID: 2011-92 Date Occurred: May 2, 2011 Attack Method: Denial of Service Application Weakness: Insufficient Anti-automation Outcome: Downtime Attacked Entity Field: Government Attacked Entity Geography: Iran Incident Description: The infamous Anonymous hacking group has crippled a string of Iranian state websites including those of the Office of the Supreme Leader, state police and the Islamic Revolutionary Guards in attacks launched yesterday. Mass Attack: No Reference: http://www.securecomputing.net.au/News/256057,anonymous-attacks-iranian-stat e-websites.aspx Attack Source Geography:
WW
WASC Web Hacking Incidents Database
Mon, May 2, 2011 7:41 PM

WHID 2011-93: Hacker posts screenshot of sex video on SPAD website

Entry Title: WHID 2011-93: Hacker posts screenshot of sex video on SPAD
website
WHID ID: 2011-93
Date Occurred: May 2, 2011
Attack Method: Unknown
Application Weakness: Improper Output Handling
Outcome: Defacement
Attacked Entity Field: Government
Attacked Entity Geography: Malaysia
Incident Description: The Land Public Transport Commission (SPAD) website
was hacked yesterday and a screenshot of the controversial sex video
allegedly involving a top politician was posted on its main page.
Mass Attack: No
Reference:
http://thestar.com.my/news/story.asp?file=/2011/5/2/nation/8591951&sec=natio
n
Attack Source Geography:

WHID 2011-93: Hacker posts screenshot of sex video on SPAD website Entry Title: WHID 2011-93: Hacker posts screenshot of sex video on SPAD website WHID ID: 2011-93 Date Occurred: May 2, 2011 Attack Method: Unknown Application Weakness: Improper Output Handling Outcome: Defacement Attacked Entity Field: Government Attacked Entity Geography: Malaysia Incident Description: The Land Public Transport Commission (SPAD) website was hacked yesterday and a screenshot of the controversial sex video allegedly involving a top politician was posted on its main page. Mass Attack: No Reference: http://thestar.com.my/news/story.asp?file=/2011/5/2/nation/8591951&sec=natio n Attack Source Geography:
WW
WASC Web Hacking Incidents Database
Mon, May 2, 2011 7:46 PM

WHID 2011-94: High school hackers expose security gap in Seattle Public
Schools

Entry Title: WHID 2011-94: High school hackers expose security gap in
Seattle Public Schools
WHID ID: 2011-94
Date Occurred: May 1, 2011
Attack Method: Stolen Credentials
Application Weakness: Insufficient Authentication
Outcome: Disinformation
Attacked Entity Field: Education
Attacked Entity Geography: Seattle, WA
Incident Description: District officials suspect a student, or several,
swiped teachers' passwords for online grade books, possibly using a
key-logger device or keystroke-recording software that captures every
keystroke, including IDs and passwords
Mass Attack: No
Reference:
http://seattletimes.nwsource.com/html/editorials/2014914193_edit02grades.htm
l
Attack Source Geography:

WHID 2011-94: High school hackers expose security gap in Seattle Public Schools Entry Title: WHID 2011-94: High school hackers expose security gap in Seattle Public Schools WHID ID: 2011-94 Date Occurred: May 1, 2011 Attack Method: Stolen Credentials Application Weakness: Insufficient Authentication Outcome: Disinformation Attacked Entity Field: Education Attacked Entity Geography: Seattle, WA Incident Description: District officials suspect a student, or several, swiped teachers' passwords for online grade books, possibly using a key-logger device or keystroke-recording software that captures every keystroke, including IDs and passwords Mass Attack: No Reference: http://seattletimes.nwsource.com/html/editorials/2014914193_edit02grades.htm l Attack Source Geography:
WW
WASC Web Hacking Incidents Database
Tue, May 3, 2011 12:41 PM

WHID 2011-95: Researchers Catch Targeted Attack On Popular Soccer Website

Entry Title: WHID 2011-95: Researchers Catch Targeted Attack On Popular
Soccer Website
WHID ID: 2011-95
Date Occurred: May 2, 2011
Attack Method: Unknown
Application Weakness: Improper Output Handling
Outcome: Planting of Malware
Attacked Entity Field: Sports
Attacked Entity Geography: Luxembourg
Incident Description: A popular sports website late last week was spotted
serving up malware in what researchers say appears to be a targeted attack
and not part of a mass SQL injection campaign.
Mass Attack: No
Reference:
http://www.darkreading.com/advanced-threats/167901091/security/application-s
ecurity/229402594/researchers-catch-targeted-attack-on-popular-soccer-websit
e.html
Attack Source Geography:
Attacked System Technology: WordPress

WHID 2011-95: Researchers Catch Targeted Attack On Popular Soccer Website Entry Title: WHID 2011-95: Researchers Catch Targeted Attack On Popular Soccer Website WHID ID: 2011-95 Date Occurred: May 2, 2011 Attack Method: Unknown Application Weakness: Improper Output Handling Outcome: Planting of Malware Attacked Entity Field: Sports Attacked Entity Geography: Luxembourg Incident Description: A popular sports website late last week was spotted serving up malware in what researchers say appears to be a targeted attack and not part of a mass SQL injection campaign. Mass Attack: No Reference: http://www.darkreading.com/advanced-threats/167901091/security/application-s ecurity/229402594/researchers-catch-targeted-attack-on-popular-soccer-websit e.html Attack Source Geography: Attacked System Technology: WordPress
WW
WASC Web Hacking Incidents Database
Tue, May 3, 2011 12:42 PM

WHID 2011-96: Click-jacking on Facebook

Entry Title: WHID 2011-96: Click-jacking on Facebook
WHID ID: 2011-96
Date Occurred: May 2, 2011
Attack Method: Clickjacking
Application Weakness: Application Misconfiguration
Outcome: Link Spam
Attacked Entity Field: Web 2.0
Attacked Entity Geography: USA
Incident Description: WebSense analyzes a recent click-jacking attack
against FaceBook users.
Mass Attack: No
Reference:
http://community.websense.com/blogs/securitylabs/archive/2011/05/02/a-weeken
d-of-click-jacking-on-facebook.aspx
Attack Source Geography:
Attacked System Technology: Facebook

WHID 2011-96: Click-jacking on Facebook Entry Title: WHID 2011-96: Click-jacking on Facebook WHID ID: 2011-96 Date Occurred: May 2, 2011 Attack Method: Clickjacking Application Weakness: Application Misconfiguration Outcome: Link Spam Attacked Entity Field: Web 2.0 Attacked Entity Geography: USA Incident Description: WebSense analyzes a recent click-jacking attack against FaceBook users. Mass Attack: No Reference: http://community.websense.com/blogs/securitylabs/archive/2011/05/02/a-weeken d-of-click-jacking-on-facebook.aspx Attack Source Geography: Attacked System Technology: Facebook
WW
WASC Web Hacking Incidents Database
Tue, May 3, 2011 12:46 PM

WHID 2011-97: Man who liveblogged Bin Laden raid was hacked

Entry Title: WHID 2011-97: Man who liveblogged Bin Laden raid was hacked
WHID ID: 2011-97
Date Occurred: May 2, 2011
Attack Method: Unknown
Application Weakness: Improper Output Handling
Outcome: Planting of Malware
Attacked Entity Field: Blogs
Attacked Entity Geography: Pakistan
Incident Description: The Pakistani programmer who dubbed himself "the guy
who liveblogged the Osama raid without knowing about it" is also the guy who
got his website hacked without knowing about it.
Mass Attack: No
Reference:
http://www.computerworld.com/s/article/9216341/Man_who_liveblogged_Bin_Laden
_raid_was_hacked
Attack Source Geography:
Attacked System Technology: WordPress

WHID 2011-97: Man who liveblogged Bin Laden raid was hacked Entry Title: WHID 2011-97: Man who liveblogged Bin Laden raid was hacked WHID ID: 2011-97 Date Occurred: May 2, 2011 Attack Method: Unknown Application Weakness: Improper Output Handling Outcome: Planting of Malware Attacked Entity Field: Blogs Attacked Entity Geography: Pakistan Incident Description: The Pakistani programmer who dubbed himself "the guy who liveblogged the Osama raid without knowing about it" is also the guy who got his website hacked without knowing about it. Mass Attack: No Reference: http://www.computerworld.com/s/article/9216341/Man_who_liveblogged_Bin_Laden _raid_was_hacked Attack Source Geography: Attacked System Technology: WordPress
Next page
Empathy v1.0   2024 ©Harmonylists.com