The Crypto-Criminal Bar Brawl

December 14, 2018

CryptoLocker arrived on the scene in 2013 and really opened the age of ransomware on a grand scale. It spread like wildfire as an attachment to spam messages, used RSA public-key encryption to seal up users' files, and made its money by selling the decryption keys. Avast notes that at its height in late 2013 and early 2014, over 500,000 machines were infected by CryptoLocker.

We’ve also seen a rise in digital credit card skimming attacks against popular e-commerce software such as Magento. Some of the attacks are relatively naive and untargeted, taking advantage of lax security on websites found to be vulnerable, while others are highly targeted for maximum volume and profit.

Ridiculously, there are websites such as MageReport.com and Mage Scan that will scan your website for any client-facing malware.

As for server-side issues, you might be out of luck. A lot of e-commerce software lives in a typical LAMP stack, and while there is a plethora of security software for Windows-based environments, the situation is fairly desolate for Linux.

Linux has long been regarded as the so-called bombproof operating system, beyond comparison with Windows. Nonetheless, it is fairly clear that it is just as susceptible, if not more so, for specific applications such as the e-commerce solutions available.

The latest trend speaks for itself: online attacks have become more tempting as they become more remunerative, and more enticing because cyber criminals can easily get away with them. Cryptocurrency generates more money, more quickly, and more anonymously.

We have to keep up with this quick pace. Malware is advancing rapidly thanks to its ease of use and its coupling with a new range of software that allows attackers to hide their tracks more effectively.

Things like cryptocurrency, however, are just the symptom of a greater issue.

That issue is the fact that the underlying software foundation we’ve been using ever since the first browsers appeared is built on a fundamentally flawed architecture.

This seemingly harmless characteristic is what allows culprits to run their software, such as crypto miners, on victims' servers. It is what allows attackers to insert card skimmers into your websites. It is what allows attackers to run malware on your servers that tries to shut down other pieces of malware in order to remain the dominant attacker.

Consider famous software companies such as Uber, Airbnb, Twitter and Facebook. Instead of dealing with a single database, they might have to deal with hundreds or thousands. Likewise, the old concept of allowing multiple users on a given system doesn’t make a lot of sense anymore. It has evolved to the point where identity access management lives outside of the single server model.

Preventive measures can get you far, keep you secure, and at least give you peace of mind. With the advent of monitoring software such as SolarWinds, PRTG from Paessler and Nagios, to mention just a few, you can go some way toward preventing attackers from running their programs on your server, or even gaining access, by simply checking what is vulnerable to exploitation.

This leaves us with a few unanswered questions. Are we going to continue to let the crypto criminals run free on our servers? How are you going to call the cops on people you can’t even see who might live halfway around the world? Don’t fall prey to the notion that hackers are natural disasters and it’s only inevitable that they’ll get you one day. It doesn’t need to be like that. We don’t have to implement our software like we are using computers from the 1970s. It’s time that we remodel our digital infrastructure.
