Russian hacker Rasputin hits universities, state and fed government agencies | Cyberops

By Prempal Singh, February 17, 2017

Rasputin, a Russian hacker who in December 2016 penetrated the network of the U.S. Electoral Assistance Commission and then put its database up for sale on the underground market, has been identified continuing his nefarious activities.

New research just released by Recorded Future confirms that the hacker hit 60 organizations, including a number of universities (NYU, Cornell, Oxford, Cambridge), city governments (Springfield, Mass.; Pittsburgh, Pa.; Alexandria, Va.), state government authorities (Oklahoma), and federal agencies (U.S. Department of Housing and Urban Development). He has been offering access to most of these systems since December 2016, the report found.

The Russian hacker, dubbed Rasputin by Recorded Future, was already well known for his incursion into the EAC. He used similar strategies in his latest hacks, namely finding and exploiting vulnerable web applications via a proprietary SQL injection (SQLi) tool.

This strategy, the report explained, has been used for 15 years because the flaw is theoretically simple and gives attackers a high success rate. Once it discovered Rasputin’s incursion into the EAC, Recorded Future continued monitoring his campaigns, which it saw were focusing on a number of specific industry verticals. It concluded that the miscreant was targeting those verticals based on “the organization’s perceived investment in security controls and the respective compromised data value.” The databases of these entities are also likely targets because of the quantity of private information they each contain, the research said.

“SQL injection has existed since databases first made an appearance on the internet,” the report explained. “When a user is allowed to interact directly with a database, through an application in a web browser, without checking or sanitizing the input before the database executes the instruction(s), a SQL injection vulnerability is present.”

A number of free tools are easily available to lure beginner hackers. A few clicks through “point and click” menus and the newbie attacker can have the search for vulnerable websites automated and the exploitation started. While white hat hackers use a number of these tools to locate SQL flaws in order to issue notifications, the same tools can be put to use by those out to exploit the flaws.

Rasputin, the report stated, developed his own proprietary SQLi tool, a clear indication of his technical sophistication. Unfortunately, cloaked in semi-anonymity, he can use his skills to hit databases whose contents are highly valued on the black market. The irony, the report stated, is that these SQLi flaws are easily remedied with coding best practices.

The solution, the report said, “may require expensive projects to improve or replace vulnerable systems.” Unfortunately, it added, many of these efforts are put off due to budget restrictions, leaving the vulnerabilities exposed.

The challenge is to impress upon organizations the advantages of proper audits of internal and vendor code before it goes into production, perhaps with financial incentives, the Recorded Future report said.

“Raising awareness among designers is worthwhile and OWASP continues to perform a valuable community service through education, but eradicating SQLi weaknesses will likely require rigid penalties for inaction,” the report concluded.

Source: scmagzine.com
