Russian Hackers and What It Means for Your Website

A group of Russian hackers, dubbed the CyberVor hackers by Hold Security, stole more than one billion passwords from sites both big and small this year. The group used a botnet to steal the passwords from an estimated 400,000 sites.

A botnet is basically a virus that infects a network of computers. The botnet then acts in the background doing one thing and doing it very well. In this case, it tested every website those using any of those networked computers visited to try to find security vulnerabilities. The attack was an SQL injection.

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, Hold Security Chief Information Security Officer (CISO). “Most of these sites are still vulnerable.”

How the SQL Injection Works

The attack is performed by the bot finding any blank fields that can be typed into, such as comment boxes, searches and other blank boxes. The bot then starts working to see if the site can be hacked into and secure information compromised, such as:

• Names
• Addresses
• Passwords
• Credit card numbers

NBC News indicates that website owners can protect the forms on their websites.

The website’s creators just have to make sure those fields can’t use certain characters, or access a separate system from the main databases. – NBC News

However, it is difficult to make sure you’ve caught every possible security vulnerability. Many news media sites equate the CyberVor hackers with household burglars. The burglar, or hacker, goes to each and every window and door in your home, trying to find one that is left open or easy to break into. The hackers do the same thing on your website, systematically testing each and every possible point of entry.

Protecting Your Site and Your Visitors

There are some very specific things you can do to protect both your website and your site visitors from this attack.

First, change your passwords that you use to access your websites and WordPress databases. Make the passwords as strong as possible.

• Use upper and lower case letters.
• Use at least two numbers.
• Use special characters, such as ! and ?
• Do not use the same password for all your sites or sites you log into and do not use a “system”, such as changing one number or letter for each consecutive password.

Next, you will want to use some best practices when it comes to SQL-based sites.

• Try not to use dynamic SQL unless absolutely vital to the running of your site.
• Install patches as soon as they are released.
• Use input validation techniques where data input by users is authenticated based on very specific rules, such as length of query, type of query, and specific syntax. For example, if the field is for an email address, then there should be some settings that only accept characters that are in an email address. There should be an @, there should be a dot. There could be letters and numbers. There should not be any other characters, such as ! or ?.

You may also want to check out Acunetix’s Vulnerability Scanner, which will tell you where your site might be vulnerable to attacks.

While the Russian group did manage to obtain a large number of user passwords, there is no reason to panic. Make sure your site is secure and change your passwords today. However, also keep in mind that hackers are forever trying new and old tricks, so stay up-to-date on the latest news here on WHSR and take the steps necessary to protect your website and your livelihood.