Other Shoe Drops in CyberVor Hack Attack
09/02/14 5:37 PM PT
Domain name registrar Namecheap on Monday reported that it was besieged Sunday night by cyberattackers who employed username and password data possibly stolen by the so-called CyberVor hacker gang.
"Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems," explained Matthew Russell, Namecheap's vice president of hosting. "Upon investigation, we determined that the username and password data gathered from third party sites, likely the data [linked with 'CyberVor'], is being used to try and gain access to Namecheap.com accounts."
"CyberVor" is the name Hold Security used last month when it reported the theft of 1.2 billion online credentials.
Some Successful Attempts
The cybercriminals executing the attack on Namecheap used stored usernames and passwords along with fake browser software to simulate authentic Web browser logins, Russell said.
The "vast majority" of the malicious login attempts have been unsuccessful, he added, primarily because the information used was old and out of date. Some, however, have been successful, so Namecheap has secured the affected accounts.
The company also is blocking the IP addresses that appear to be logging in with the stolen password data. In the meantime, the company is working with customers to improve their security.
'The Results Could Be Significant'
"This is a significant threat," Steve Hultquist, chief evangelist for RedSeal Networks, told the E-Commerce Times. "For any particular sites from which the credentials were stolen, users are subject to theft of any data or services they use there. Given the sheer quantity of stolen credentials, the results could be significant."
Moreover, since Namecheap handles domain registration, "if an attacker gained unauthorized access to an account, he or she would be able to modify DNS records and direct unsuspecting visitors to malicious pages," noted Ronnie Flathers, security consultant at Neohapsis. "If the compromised account also uses Namecheap's hosting services, an attacker could gain direct access to the host and modify or capture sensitive data."
'There Is No Such Gang'
Whether the data being used was stolen through the concerted efforts of a single gang, however, appears to be a matter of opinion.
"The whole 'CyberVor' thing smells a little," KnowBe4 CEO Stu Sjouwerman told the E-Commerce Times.
In fact, the report from Hold Security last month "may very well be a publicity stunt with a whole bunch of old usernames and passwords that you can get for a dime a dozen on websites in the cyberunderground," he charged. "There is no such 'CyberVor' gang in Russia."
'Today's Wild, Wild West'
That said, "there remains the fact that there are cyberattacks happening all day long and that you are likely going to be losing your identity unless you take some security measures," Sjouwerman said.
Two-factor authentication and the use of five- or six-word pass phrases instead of passwords are the top strategies he recommends; those pass phrases should include at least one capital letter and at least one number.
"That gets you to a point where you are very hard to hack," asserted Sjouwerman.
One of the biggest problems is that users often reuse the same username and password combination across different accounts on different websites, Adam Kujawa, head of malware intelligence at Malwarebytes, told the E-Commerce Times.
In that way, they "leave themselves open to having more than just one of their accounts stolen in the event that a breach happens," he explained.
"The best and easiest way to protect multiple accounts is the use of a password manager like LastPass and Roboform that automatically populate the login forms for secured and recognized websites while also providing the user with an easy way to keep track of complex passwords that are less likely to be cracked with generic password-hacking mechanisms," he said.
'Change Your Passwords'
The fact that Namecheap had controls in place to detect the rise in suspicious login attempts and has now alerted users is "admirable," Flathers said.
"Credentials included in the CyberVor dump are undoubtedly being tested against countless other sites, and it wouldn't surprise me if the majority of those other sites have no idea," he added.
Meanwhile, Namecheap's own advice to users "is solid and should be applied across the board: Change your passwords, and ensure they are adequately complex," said Flathers. "Namecheap also supports dual-factor authentication, which should be enabled for added security."
'We Need a Better System'
All in all, "it's another reminder and a wake-up call that users have a shared responsibility here," Craig Spiezle, founder, executive director and president of the Online Trust Alliance, told the E-Commerce Times.
"We need to reset passwords often, and we need to make them as unique as possible, and that's hard," explained Spiezle, who recommends using the time change twice a year as a reminder.
"This is not a new problem," he said. "We need to have a better system of managing passwords, both from a security perspective and for ease of use."