
Digital safety starts here for both commercial and personal use...

Defend Your Business Against the Latest WNY Cyber Threats. We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Hackers Steal Data of 2 Million in SQL Injection, XSS Attacks

Summary:
A group known as ‘Resume Looters’ has conducted SQL injection attacks on 65 legitimate job listing and retail websites, compromising the personal data of over two million job seekers, mainly in the APAC region. The group targeted sites in Australia, Taiwan, China, Thailand, India, and Vietnam to steal names, email addresses, phone numbers, employment history, education and other information.

To carry out these attacks, the threat group used tools like sqlmap, Acunetix, BeEF Framework, Metasploit, and others to exploit vulnerabilities within the targeted websites’ infrastructure. By leveraging these tools, the attackers were able to infiltrate the websites’ defenses and gain unauthorized access to their databases. Once inside, the attackers injected malicious scripts directly into the HTML code of the compromised websites. These scripts were placed to execute upon visitor interaction, enabling the harvesting of sensitive information through phishing forms. Additionally, the hackers created fake employer profiles and posted fraudulent CV documents containing XSS scripts to further propagate attacks.

Security Officer Comments:
Despite the clandestine nature of their operations, the attackers made a critical OPSEC error that allowed security researchers from Group-IB to infiltrate the database hosting the stolen data. This breach provided valuable insights into the attackers’ modus operandi and revealed that they had managed to establish administrator-level access on some of the compromised websites.

Suggested Corrections:

SQL Injection Prevention

  • Use Parameterized Statements or Prepared Statements: Instead of concatenating user input directly into SQL queries, use parameterized statements or prepared statements provided by your programming language or framework. This helps to separate user input from SQL code.
  • Input Validation: Validate and sanitize user inputs on both the client and server sides. Ensure that inputs adhere to expected formats and length constraints.
  • Web Application Firewalls (WAF): Implement a WAF that can detect and block SQL injection attempts. WAFs can provide an additional layer of defense against various web application attacks.

Cross-Site Scripting (XSS) Prevention

  • Input Validation and Sanitization:
    Validate and sanitize user input on both the client and server sides. Input validation ensures that user input adheres to expected formats, while sanitization helps to neutralize potentially harmful content.
  • Escape User-Generated Content:
    Before rendering user-generated content, escape special characters to ensure that they are treated as literal text and not interpreted as code.
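The two prevention lists above, as an added example that is not taken from the source article or from any affected site: a concatenated query beside its parameterized form, plus output escaping of a stored CV field. The table layout, function names and sample rows are assumptions constructed for illustration, using Python's standard sqlite3 and html modules.

```python
import html
import sqlite3

def make_db():
    """Constructed sample data: a tiny job-board applicants table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE applicants (name TEXT, email TEXT, cv_text TEXT)")
    db.executemany(
        "INSERT INTO applicants VALUES (?, ?, ?)",
        [
            ("Alice Tan", "alice@example.test", "10 years in QA"),
            ("Bao Nguyen", "bao@example.test",
             "<script>alert(1)</script>Sales lead"),
        ],
    )
    return db

def search_concatenated(db, name):
    # Weak form: user input becomes part of the SQL text itself.
    query = "SELECT name, email FROM applicants WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def search_parameterized(db, name):
    # Hardened form: the driver binds the value; it is never parsed as SQL.
    return db.execute(
        "SELECT name, email FROM applicants WHERE name = ?", (name,)
    ).fetchall()

def render_cv(db, name):
    # Escape stored, user-supplied text at output time so the browser
    # treats it as literal text rather than markup.
    row = db.execute(
        "SELECT name, cv_text FROM applicants WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        return "<p>No such applicant</p>"
    return "<h2>{}</h2><p>{}</p>".format(
        html.escape(row[0]), html.escape(row[1])
    )

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input
    print(len(search_concatenated(db, crafted)), "rows from concatenated query")
    print(len(search_parameterized(db, crafted)), "rows from parameterized query")
    print(render_cv(db, "Bao Nguyen"))
```

The concatenated query returns every row for the crafted input because the quote characters change the query's logic, while the bound parameter is compared as a plain string and matches nothing.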

IOCs:
https://www.group-ib.com/blog/resumelooters/

Link(s):
https://www.bleepingcomputer.com/ne...ta-of-2-million-in-sql-injection-xss-attacks/

https://www.group-ib.com/blog/resumelooters/