Very Bad Press

 In ITC's Threat of the Week

Buckle up tight, it has been a very busy week.

First, let us discuss how the on-going campaign against WordPress sites using malicious advertising actually works.

Security professionals the world over, not to mention readers of this missive, will be very well aware of the infection vector posed by WordPress. First of all there are the numerous errors in the content engine, which over the years have been used to take down and edit sites with impunity. However worrying that is, it appears to be dwarfed by the subsequent (post WordPress hack) activity of an individual (or cabal of individuals), dubbed ‘Master134’ (Mwahahaha, Mwahahaha) by none other than Check Point.

This outfit has been abusing the advertising systems, which as you will know use an automated auction to place adverts on webpages in real time, to sell advertising placement to fraudsters various including dirty Crypto-Miners, low-life Ransomware exponents and loathsome Banking Trojaneers.

With more than 40,000 infection attempts from 10,000 hacked WordPress sites (ongoing) per week, this is serious stuff. If you have a WordPress site, please make sure that you have relevant protections in place, perform an audit and consider using a Web Application Firewall like Cloudflare.

If you can’t be bothered to read the whole Check Point announcement, the lovely folks at El Reg have summarised the situation perfectly.

We had no idea about the complexity of the online advertising world and the scale to which it was being abused until we bumped into a start-up called DevCon (see what they did there), which is on a mission to assist the entire advertising ecosystem to identify and manage this massive problem. If you are in the advertising content, distribution or delivery business, or you serve up automated ads, you could do worse than having a look at what they do.

Onto the next subject; WikiLeaks has been in the news this week, but not for the self-serving reasons that the massive egomaniacs (yes, yes, him) would like.

An activist called Emma Best has leaked thousands of internal WikiLeaks private tweets, which have been alluded to by the American press for some time and are now available for your review.

They expose an organisation with highly shady motivation (surprise!), hell bent on manipulation. We are trawling through them. Some are astonishing. If you have a dentist’s appointment or anything else you would rather do than read thousands of tweets, here is a summary.

And now, as they say, we come to the tragic bit. You will remember that back in June of this very year, the serially unfortunate (ahem) folks at Dixons Carphone announced a breach exposing 5.9 million users' card details (a mere flesh wound).

Well it turns out that Dixons Carphone is using the very same Babbage’s Analytical Engine that it uses for security as it does for adding stuff up. Perhaps it accidentally pressed the lower shift key or something, because it announced this week that it is more like 10 Meeeelion user details. One day the truth will out, possibly via the Information Commissioner’s Office.

You name yourself after a footballer of yesteryear and a device long obsolete, supported by ancient legacy technology and ignore the clues presented by the numerous breaches suffered by your group…….

Finally, for all of you Disciples of The Sacred Orchard, aka iPhone users, there appears to be a concerted scam on-going, which invites users to contact ‘Apple Care’ (really ‘Bad Apple Care’) using a freephone number. Discovered by Ars Technica (how did they ever decide on that name?) and currently USA focussed, this looks like a grower.

As an aside, back in the day, the computer business Wang, set up by one Fred Wang to try and get IBM back for ripping him off for his patents, had a support programme, presumably conceived over there <---. It was called Wang Care. True words, mostly irrelevant, but true nonetheless.

Now we know that no one reading this blog is going to click on something as blatantly fraudulent as this, are you? However, your less tech-savvy friends and more importantly family, young and old, might not have the wit of Wile E. Coyote, especially after a few Pastis or Sangrias. Do them a favour and warn them.

If you would like assistance with your WordPress site, to have a chuckle about the WikiLeaks Twitter leaks, want to upgrade your Lyons Electronic Office, or require any other Cyber-Security advice, please contact us at: enquiries@itcsecure.com or call 020 7517 3900 where our seasoned, if not gnarly, professionals will be happy to help.

 

Author: Kevin Whelan
