listed for sale on the dark web
Companies listed on the ASX, including financial services, law firms, an insurer and one adult entertainment store are among hundreds of Australian websites for sale on the dark web.
The websites are part of a list of 43,000 hacked servers available for sale on MagBo, the shadowy online marketplace where cyber criminals sell access to websites for as little as $US1 ($1.46) and as much as $US10,000.
“It’s an important message to get out to Australian businesses,” said Andrew Murray, CEO of Curve Securities, which offers fixed income advisory services and was one of the websites identified by The Australian Financial Review as being compromised.
Curve’s website said it has helped place more than $80 billion for clients, including 160 local, state and federal governments. When approached about the hack, Mr Murray said the incursion had been identified and rectified in late 2019, though further checks were undertaken.
Curve conducted a “deep dive” into its systems, Mr Murray said, and none of the company’s day-to-day operations occurred on the compromised server. “We’re fortunate that our website is really just a brochure,” he said. “There are a lot worse situations.”
Access to websites for sale on MagBo is gained through “web shell malware”, which hackers install on compromised servers. MagBo, which was founded in 2018 and has grown exponentially, is considered the “go-to” marketplace for cyber criminals.
The US National Security Agency and the Australian Signals Directorate issued a cyber security information update in April warning of the increased threat posed by web shell malware: “Web shells provide attackers with persistent access to a compromised network using communication channels disguised to blend in with legitimate traffic.
“Web shell malware is a longstanding, pervasive threat that continues to evade many security tools,” it said.
Elad Ezrahi, threat intelligence team leader at Israeli intelligence company KELA, said web shells could be used for nefarious purposes. Remote access markets served as a gateway for obtaining data, he said.
Government services and e-commerce stores attract a premium because they contain valuable data. Personal information and credit card details are particularly valuable as they can be sold in other dark web marketplaces. The Financial Review identified numerous Australian credit cards available for sale.
“If the web shell enables the actor to abuse the mail server of the compromised website, the actor could use it to send spam and phishing emails,” Mr Ezrahi said. “If the compromised site is of a governmental entity, for example, the consequences can be notably severe.”
Most of the cyber criminals operating on the dark web originated in eastern Europe and were motivated by profit rather than state-sponsored espionage, Mr Ezrahi said.
KELA specialises in dark web threat intelligence and offers its clients a real-time dark web search engine called Darkbeast, as well as the dark web equivalent of Google alerts.
The coronavirus pandemic has proved a boon for hackers as millions of employees moved to remote-working environments.
In April, Google’s threat analysis group said it had identified more than a dozen government-backed hacking groups trying to use COVID-19 themes “as [a] lure for phishing and malware attempts”.
“We’ve also seen attackers try to trick people into downloading malware by impersonating health organisations,” said Shane Huntley, head of Google’s threat analysis group.
Courtesy: Ronald Mizen – Australian Financial Review
WEBFAST Security Division
Hacked Aussie Websites
Do you have a cyber security plan in place?
Cyber criminals easily hacked Aussie websites impersonating well-known organisations, utilities, telcos and brands.
WEBFAST Security Division will formulate a Cyber Security Plan for your business or organisation to assist you in countering malware attacks!