IPS Web-hosting Provider Saved from Systems Hack
A systems hijack was averted at Invision Power Services (IPS), a web-hosting provider, in April 2016, potentially saving its clients from destruction, after security investigators gathered intelligence about a cyber-criminal conspiracy that had been unfolding on the dark web.
A con artist named AlphaLeon spearheaded the conspiracy. The same person is understood to have also sold Thanatos (also known as Alphabot), a recently uncovered Trojan, on illegal forums. SurfWatch Labs released a new report describing how AlphaLeon, in this most recent conspiracy, sought to hijack IPS through a software flaw that had not yet been patched.
Luckily, the bad actor's scheme was detected; otherwise IPS's customer base could have been compromised. Those customers include certain professional sports clubs as well as entertainment and media organizations.
Thanatos was designed to appeal to clients and was touted as a Malware-as-a-Service platform available for rent. The purpose was to run the Trojan on a botnet, which, according to the infosec community, is a massive network of infected PCs. The bigger the botnet, the simpler it is to launch an online attack.
After gaining a hold over Invision's servers, AlphaLeon planned to reach the websites that IPS' clients browsed so that an attack toolkit could be placed on those sites' web pages. This toolkit would, without any external effort, automatically infect people visiting the websites with Thanatos by abusing security flaws in the visitors' outdated web browsers and browser plug-ins.
IPS's clients are big companies such as the NHL, Evernote, Bethesda Softworks, the Warner Music Group and LiveNation. IPS lets clients set up fully working websites, including e-commerce stores in addition to traditional IP.Board portals.
Security investigators working on the dark web informed Invision, which had not known about the hacker's plan to attack; his entry point was located and his access was immediately derailed. All this occurred at the beginning of April, and investigation of the potential hack is ongoing at IPS.
Since the beginning of March, Thanatos has evolved from a mere banking Trojan and now receives fresh updates in the form of add-on modules, which let renters of the Thanatos botnet deliver ransomware, execute DDoS attacks, steal Bitcoin, view victims' webcams, steal login credentials for different gaming platforms, or distribute spam.
» SPAMfighter News - 27-04-2016