Department of Homeland Security Website Hacked During Mass Web Attacks
The mass infection that’s injecting attack code into hundreds of thousands of reputable web pages has infiltrated the website of the Department of Homeland Security.
This latest attack is notable for its ability to infect huge numbers of pages using only a single string of text. At the time of writing, Google searches showed almost 560,000 pages containing the infection string, though the exact number changes almost constantly. As the screenshot below shows, even the Department of Homeland Security, which is responsible for protecting US infrastructure against cyber attacks, wasn’t immune. Other hacked sites include those belonging to the United Nations and the UK Civil Service.
The attack causes infected sites to redirect visitors to destinations that attempt to install malware on vulnerable machines. At the time of writing, the malicious payloads targeted vulnerabilities that had already been patched, and in any case all three of the redirection sites were down, possibly because they were unable to handle the demand. But should the attackers get their hands on a newer exploit – say, one targeting a zero-day vulnerability in QuickTime – it would be relatively easy for them to swap out the payload.
One reason the infection has spread so widely is that the attackers have found a single attack string that seems to work on tens of thousands of different sites. The script is also notable for its ability to slip past web application defenses: the SQL query is mostly made up of hex-encoded text, which obscures it from filters, at least in front of applications that use Microsoft SQL Server. MySQL and PostgreSQL are less easily fooled, according to researcher Ronald van den Heetkamp.
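The defensive lesson from the hex encoding is that a filter which only looks at the literal request text will miss it; a detector has to find the hex literal, decode it, and inspect what comes out. The following is an added illustration, not code from the article or from any of the affected sites: a small Python scanner that runs over constructed web-server log lines, decodes any `0x…` literal it finds and flags SQL keywords that were hidden inside it. The log lines, IP addresses, the `CAST(0x… AS VARCHAR)` shape it matches, and the benign decoded text are all constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Added example (hypothetical detector, not from the article): locate hex
# literals in a request, decode them, and look for SQL keywords that only
# appear after decoding, so obfuscation alone cannot hide the injection.

HEX_LITERAL = re.compile(r"0x([0-9A-Fa-f]{8,})")
CAST_HEX = re.compile(r"cast\s*\(\s*0x[0-9A-Fa-f]+\s+as\s+n?(?:var)?char", re.I)
SQL_KEYWORDS = re.compile(
    r"\b(declare|exec(?:ute)?|cast|update|insert|select|union|drop|xp_\w+|sp_\w+)\b",
    re.I,
)


def decode_hex_literal(hexdigits: str) -> str:
    """Turn the digits of a 0x... literal back into readable text."""
    if len(hexdigits) % 2:          # odd length: drop the dangling nibble
        hexdigits = hexdigits[:-1]
    raw = bytes.fromhex(hexdigits)
    # NVARCHAR-style payloads are UTF-16LE: every second byte of ASCII text is NUL.
    if len(raw) >= 4 and raw[1::2].count(0) >= len(raw[1::2]) * 0.8:
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")


def analyze_request(request_line: str) -> dict:
    """Score one URL or log line for hex-obfuscated SQL injection."""
    decoded_url = unquote_plus(request_line)          # undo %20 etc. first
    hex_payloads = [decode_hex_literal(h) for h in HEX_LITERAL.findall(decoded_url)]
    visible_kw = {k.lower() for k in SQL_KEYWORDS.findall(decoded_url)}
    hidden_kw = {k.lower() for p in hex_payloads for k in SQL_KEYWORDS.findall(p)}
    cast_hex = bool(CAST_HEX.search(decoded_url))
    return {
        "cast_hex": cast_hex,
        "hex_payloads": hex_payloads,
        "visible_keywords": sorted(visible_kw),
        "hidden_keywords": sorted(hidden_kw),
        "suspicious": cast_hex or bool(hidden_kw),
    }


# Constructed sample: the decoded text is harmless, only its shape matters.
SAMPLE_HEX = "SELECT 'constructed sample'".encode().hex().upper()
SAMPLE_LOG = [
    # constructed benign request
    '203.0.113.7 - - [26/Apr/2008:09:12:44 +0000] "GET /news.asp?id=42 HTTP/1.1" 200 8123',
    # constructed request with a hex literal appended to the id parameter
    '198.51.100.9 - - [26/Apr/2008:09:13:02 +0000] "GET /news.asp?id=42;CAST(0x'
    + SAMPLE_HEX + '%20AS%20VARCHAR(100)) HTTP/1.1" 200 8123',
]


def scan(lines):
    """Analyze every log line; returns one result dict per line."""
    return [analyze_request(line) for line in lines]


if __name__ == "__main__":
    for line, result in zip(SAMPLE_LOG, scan(SAMPLE_LOG)):
        print(result["suspicious"], result["hidden_keywords"], line[:60])
```

The point of `hidden_keywords` is that the word SELECT never appears in the raw request; it only exists after the hex is decoded, which is exactly what a naive keyword filter in front of the application misses. The UTF-16LE branch covers literals cast to an `NVARCHAR`, where the same text is stored with a NUL after each ASCII byte.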
Sites are getting hacked because they fail to sanitize user-supplied data. So far, the Department of Homeland Security has not commented on the issue.
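The root cause named above, user-supplied text spliced straight into a SQL statement, is easiest to see side by side with the fix. The following is an added example, not code from the article or from any affected site; it uses Python's built-in `sqlite3` as a stand-in for the database servers mentioned in the text, with a constructed `news` table, and contrasts a lookup that concatenates the request parameter into the query with one that validates the parameter and binds it.

```python
import sqlite3

# Added example: the defect the article describes (unsanitized input reaching
# SQL) beside the standard fix (validation plus a parameterized query).
# The table and rows are constructed for the example.


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with two constructed articles."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany(
        "INSERT INTO news (id, body) VALUES (?, ?)",
        [(1, "first story"), (2, "second story")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, article_id: str) -> list:
    """BAD: the request parameter becomes part of the SQL text itself."""
    sql = f"SELECT body FROM news WHERE id = {article_id}"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, article_id: str) -> list:
    """GOOD: reject anything that is not an id, then bind the value.

    The bound value is sent as data, so no part of it is parsed as SQL,
    however it is encoded.
    """
    if not article_id.isdigit():
        raise ValueError("id must be a positive integer")
    rows = conn.execute("SELECT body FROM news WHERE id = ?", (int(article_id),))
    return [row[0] for row in rows]


def parameterized_rejects(conn: sqlite3.Connection, article_id: str) -> bool:
    """True if the hardened lookup refuses the input instead of running it."""
    try:
        lookup_parameterized(conn, article_id)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = make_db()
    # A tautology appended to the id is enough to change the query's meaning
    # in the vulnerable version; the hardened version never lets it reach SQL.
    print(lookup_vulnerable(db, "1 OR 1=1"))
    print(parameterized_rejects(db, "1 OR 1=1"))
```

Note that `sqlite3.Connection.execute` refuses to run more than one statement per call, so the article's stacked-query style would fail here regardless; the tautology input is used only because it shows the same defect (input interpreted as SQL) with a single statement. The parameterized version is what removes the defect; the `isdigit()` check is an extra input-validation layer appropriate for a numeric id.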
Do not visit the infected websites addresses presented in this article or Google search results.