Websites a Ransomware Risk

Wednesday, September 9, 2015 @ 03:09 PM gHale

Because of out-of-date software, 142 million legitimate websites could be serving up ransomware to users, a new study said.

Hackers were using the Neutrino Exploit Kit to inject malicious scripts into outdated webserver software that could potentially reach 400 million users, according to the research carried out by IT security firm Heimdal Security.

Stealthy Ransomware for Android
Cyber Criminal Minds Working Overtime
Firms Fear Nation-State Attacks
Simple, Sophisticated Attacks Growing

The attack mainly directs at websites running out of date versions of the WordPress content management system or outdated plugins, said Andra Zaharia at Heimdal Security in a blog post.

She said that out of the one billion websites in the world, 58.7 percent of them run WordPress and over 20 percent of these installations run an outdated version, meaning around 142 million such websites could be vulnerable to ransomware attacks.

“Even websites that run the latest version of WordPress could be vulnerable to this attack if they run outdated plugins and lack in proper security settings,” she said.

She said the attack is not just for WordPress websites so the figure could potentially be greater.

Zaharia said the exploit worked by injecting a malicious script on the target website that references a halfway house on an attacker’s domain. This domain redirects traffic toward the commercial exploit kit Neutrino, which then tries to force feed the victim’s system with a Teslacrypt variant, a ransomware Trojan.

“Neutrino will exploit writing condition vulnerabilities in Adobe Flash Player, Internet Explorer and Adobe Reader/Acrobat. All the mentioned vulnerabilities are recent and have a low antivirus detection rate because of the multilayer obfuscation system that Neutrino exploit kit uses,” Zaharia said.

“Website administrators, bloggers and everyone who uses a CMS should once again understand that patching and installing the latest updates is key to ensuring basic cyber security for any type of website and platform, and that security provisions are not only essential for themselves, but for their readers as well,” Zaharia said.