WebHostingTalk, one of the largest online forums for discussion of web hosting and server-related issues, was maliciously attacked over the weekend.
A hacker gained access to an offsite backup server and then used information on that server to walk into the main live server. The hacker deleted the backup databases, and then deleted the live site. Apparently, they also covered their tracks and overwrote the drives so that recovery was not possible.
In a forum post, a community member of WHT revealed the following:
This attack was very deliberate, sophisticated and calculated. The attacker was able to circumvent our security measures and access via an arcane backdoor protected by additional firewall. We are still investigating the situation, but we know the attacker infiltrated and deleted the backups first and then deleted three databases: user/post/thread. We have no record or evidence that private message data was accessed. Absolutely no credit card or PayPal data was exposed.
Unfortunately for WebHostingTalk, the last local offline copy of the system is from late last year. So expect them to be offline for a bit, while they rebuild their database.
It just goes to show how important offline backup is. Make sure you have the correct backup solution.
For a while I have been writing a blog on Power of Thought and have now decided to migrate it over to StartupTech.
Enjoy reading the articles and feel free to send in any of your own.
Blogging is a great way to gain new visitors and earn respect. Plus search engines just LOVE them!
How do you set up a blog? Want a customised blog for your own website? Contact us now.
It could be argued that security vendors are losing the battle with online scammers whose programs sneak onto computers and drop malicious programs, opening the computers up to remote attacks and turning them into zombies in botnet armies.
The problem is that most computers today rely on antivirus software that blocks malware by checking the code in a file against a database of signatures of known viruses. With thousands of new viruses arriving each day, many of them encrypted in part or otherwise disguised with modification, the signature lists require frequent updates and many new viruses slip through undetected.
As a result, security providers are turning their attention to behavior-based approaches for identifying new viruses, with software that focuses on watching for suspicious behavior, such as a program trying to write data to an executable program. Two security companies are set to make announcements on Monday that follow this trend.
Antivirus provider AVG is introducing AVG Identity Protection, software that analyzes the behavior and characteristics of programs running on a computer and shuts down activity that looks suspicious. The software is based on technology the firm acquired when it bought identity theft specialist Sana Security in January.
“The antivirus companies are flooded with malware to add to signature databases,” with 20,000 to 30,000 new unique samples coming out every day, said Roger Thompson, chief research officer at AVG. “It’s time to do something different.”
Meanwhile, Damballa is releasing its Failsafe 3.0 appliance that is designed to discover botnet malware on computers by listening for communications between compromised systems and command-and-control nodes controlled by attackers on the Internet.
As many as 5 percent of computers in a corporation are compromised with targeted-attack bot malware, even with up-to-date antivirus and intrusion detection software in use, said Bill Guerry, vice president of product management and marketing at Damballa.
In a set of more than 200,000 malware samples scanned by a leading antivirus tool over six months, the average gap between the release of a virus and its detection was 54 days, with almost half going undetected on the day received and 15 percent still undetected after 180 days, according to a Damballa study.
Another company, Triumfant, announced behavior-based software last week that protects companies against zero-day attacks that arise from exploits of security vulnerabilities in software that has not yet been patched.
Triumfant Resolution Manager looks for changes in attributes of the computer, such as registry keys, security and port settings, and performance statistics, and removes code that is suspicious.