Researcher Claims 200K Web Sites at Risk

Online thieves have obtained administrative log-in credentials for more than 200,000 Web sites and modified the code of some of these sites to attack users who visit them, a security researcher claims. Among the sites impacted is the U.S. Postal Service, though the USPS disputes the claim.

In addition, Ian Amit, director of security research at security vendor Aladdin Knowledge Systems, told InternetNews.com that the hackers consolidated all this stolen information onto one server and are offering login credentials and other information for criminals to exploit on demand.

The server with the stolen administrative information from Web sites “caters to at least three different criminal groups, two out of Europe and the other out of the U.S.,” Amit said. “They’re offering crime as a service, from the SaaS model.”

The server holding the information apparently belongs to a customer of Neosploit, a hacker tool cybercriminals use to attack browsers and Web software.

Amit claims that more than 80,000 of the 200,000 sites that were compromised have been modified to take visitors to another site where they are at risk from malware and even SQL injection attacks. “To have that many stolen and compromised credentials on one server is unheard of,” he added.

One of the sites hacked belongs to the a href=”http://www.usps.com/>U.S. Postal Service (USPS), Amit said, adding that “more sensitive sites were also hit,” but he wouldn’t name them. He thinks the cybercriminals do not know which sites they have cracked because “everything’s automated, from their hacking into a Web site to the process of modifying site code to bear malicious code.”

New approaches for new times

The USPS denies Amit’s claims. “We have found no evidence of a compromise of USPS.com and the postal service has turned the allegations over to the appropriate law enforcement authorities including the postal inspection service,” USPS spokesperson Michael Woods told InternetNews.com.

Because cybercriminals are adopting new business models and technologies so rapidly, they have to be combated with new methods. “They are definitely ahead of the curve, technologically, and they’re advancing threats faster than we can build up defenses,” Amit said.

“We’re trying to break that vicious cycle of trying to detect and break the latest and greatest techniques, and move into trying to understand the thinking of the criminals instead,” Amit added. “That way we can build a solution that’s adaptable and flexible enough to deal not only with problems now, but also with problems one year, two years into the future.”

This article was first published on InternetNews.com. To read the full article, click here.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020