Russian Cyber-Gang Gathers 1.2B Login Credentials Via Website Flaws
A Russian gang of cyber-criminals uses a common class of vulnerabilities in Websites to steal 1.2 billion unique email addresses and passwords, says a security researcher.A Russian cyber-criminal group compromised more than 400,000 servers and Websites using a common class of software flaw, known as a SQL injection vulnerability, to steal more than 1.2 billion usernames and passwords, according to Hold Security, which found the cache of credentials online. The group, dubbed "CyberVors" by the security firm, initially bought a database of stolen credentials and used that to broadly attack other users via phishing, but had only moderate success. They changed tactics earlier this year, using a rented botnet to search out vulnerable servers and use SQL injection attacks to compromise the systems, Alex Holden, principal consultant with Hold Security, said in a blog post. "The CyberVors did not differentiate between small or large sites," Holden said. "They didn’t just target large companies; instead, they targeted every site that their victims visited. With hundreds of thousands sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites." The attack underscores that many Web sites and servers continue to have poor security and that passwords reuse continue to be a danger, since a credential stolen from one service can be used at other services and even to access corporate networks, if the employee reuses their password and email address.
"Credentials are highly valuable to hackers since they are the new 'skeleton keys' for personal and work accounts," Eric Chiu, president and co-founder of cloud-security firm HyTrust, said in a statement sent to eWEEK. "Hackers are leveraging social engineering, phishing, and other APTs to steal these credentials which they can use to access bank accounts or steal identities."