Passwords are the main barrier we have to prevent intruders from entering our accounts. It protects us against hypothetical attackers who may use our records and services. Hackers can use different methods to steal those passwords, but we can also use different tools and recommendations to protect ourselves. In this article we echo a new malware that aims to use brute force to break passwords on popular platforms.
Brute force against content managers
There are many varieties of malware that we can come across online. Some aim to hijack our files, others gain access to information and spy on us, others steal our passwords … In this case we are facing a new threat that has been analyzed by Larry Cashdollar, a security researcher at Akamai Security .
In this case the objective of this new malware is to carry out brute force attacks against content managers , among which we can include WordPress, Drupal, Bitrix, OpenCart, Magento and services such as MySQL, PostgreSQL, SSH and FTP.
This security researcher found different roles in the threat. You can carry out a scan to detect other targets, as well as use brute force to try to access victims’ accounts on these platforms. Before that, he discovered that the malware installs the free Alternate Lite WordPress theme. The attacker replaced the cutomizer.php script with a file upload script that allows files to be retrieved on request.
Once the files are where the attacker wants, the malware contacts the command and control server to receive a list of targets and logins. If the system acts as a scanner, it will try to determine if the target is running WordPress. Otherwise, a brute force attack will be carried out . Before that, the malware collects user data to generate a list of credentials.
According to Larry Cashdollar, the malware analyzes tags, such as author, email and other identifiers, to generate these word lists. Doing so adds an element of personalized victim targeting.
What to do to avoid being victims of this problem
Keep in mind that this time we are facing a threat that attacks platforms like WordPress . However, we may encounter a brute force attack that puts our passwords at risk in any other program or system that we use.
It is very important to always have strong and complex passwords . As we see in this case, they mainly use user data to generate possible credentials and thus attack with multiple combinations. It is vital that our password is unique, that we do not use it anywhere else, that it has letters (upper and lower case), numbers and other special symbols. All this must be random.
Also, as we have seen in this case, we must be careful with the software we install. We must always add programs or any installation from official sources. We must take care of the software that we install in the system.
On the other hand, something that is also necessary is to keep the equipment updated correctly. We must have all the security patches and thus correct possible existing vulnerabilities.