Hackers compromised thousands of FTP sites to plant their malware or to attempt to compromise connected web services. This week Hold Security’s Deep Web Monitoring Service obtained evidence of hackers abusing FTP sites of companies of all sizes across the globe. Hackers planted PHP scripts armed with backdoors (shells) and viruses in multiple directories, hoping that these directories map to the victim companies’ web servers so that they could gain control of the web services.
How fast time flies! Only six months ago Hold Security announced a public offering of our Deep Web Monitoring services, and since then we’ve helped many companies identify, minimize, and eliminate security threats. Today, we are breaking out the most popular part of Deep Web Monitoring as a separate offering, and are proud to introduce Hold Security’s Credentials Integrity Services. Among the most valuable bounties for hackers are your credentials – user IDs (email addresses) and passwords.
“TRUST US; YOUR DATA IS SECURE” states the Data Security page on CorporateCarOnline’s website, but it didn’t stop the cyber gang responsible for the LexisNexis, Adobe, PR Newswire and many other breaches. On September 28, Hold Security Deep Web Monitoring identified a database with nearly 10 million records on the same server where Adobe and PR Newswire data was found. It was identified as belonging to CorporateCarOnline, who later confirmed the ownership.
The same group of cyber criminals responsible for the LexisNexis, NW3C, and Adobe breaches had also stolen data that belongs to PR Newswire. Partial website source code and configuration data, along with a database of PR Newswire customers, were found on the same server where Adobe Systems’ source code was located. Cleverly disguised as an image, an archive of PR Newswire data was found on the hackers’ repository server. The database appears to date from March 8, 2013, but it is not yet clear whether the breach happened at the same time or at a later date, as the archive was created on April 22, 2013.