Cyber Security Today, June 30, 2021 – Meet HackMachine, a crook’s valuable hacking tool


Welcome to Cyber Security Today. It’s Wednesday, June 30. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.


Wonder how crooks break into e-commerce websites to plant malware and steal data? One way is by using password-guessing tactics like brute-force attacks. Another is by buying stolen passwords, and with some sleuthing, figuring out which companies they come from. A third way is buying a sophisticated piece of software called HackMachine. A report this month by Gemini Advisory outlines how this tool, which costs between $300 and $700, works for criminals.

Attackers can load a target victim’s domains – like “shoppingstore.com” – into the software, which then scans the websites for known vulnerabilities. It also tries to collect administrator and user login credentials through multiple types of automated brute-force attacks, and, if successful, verifies the validity of the credentials.

The crooks can then leverage the access they get to inject digital payment skimmers, steal stored payment card data from previous transactions, and exfiltrate databases and personally identifiable information. If they’re really mean, they launch a ransomware attack.

The hackers may also sell the access they get to other crooks who do the actual data theft, or sell the copied data to other gangs for monetization like credit card fraud.

The initial target of HackMachine is the administrator panel of a website or the content management system behind it. So if a crook gets control of one or both panels, they’ve got what they need.

As the report notes, if an administrator uses the same username and password for both the content management console and the website console, the organization may have trouble holding off an attack.

If the website and content management system don’t have the latest security patches, HackMachine will find out.

HackMachine focuses on WordPress, Joomla, Drupal, and Datalife Engine content management systems. It also looks for CMSs that use File Transfer Protocol servers.

And the tool is cheap: The basic version of HackMachine is $300. One module that expands its capability costs $200, and two others are $100 each. So for laying out $700 a crook has a very sophisticated attack tool.

What can an IT department do to fight this tool? HackMachine exploits sites with lax security. So first of all, make sure all applications – including their plug-ins – have the latest security patches. Mandating multi-factor authentication as extra protection for login credentials is a must for all employees and especially for administrators. Administrators should be told to use different passwords for each application they use. Monitoring is vital – not only the time, source and activities of those logging into any application, but also monitoring network traffic for suspicious behaviour such as large file transfers.
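As an added illustration of the login monitoring described above (example code, not from the Gemini Advisory report or this podcast), the following sketch scans web server access logs for bursts of login POSTs to CMS admin panels from a single source. The login paths are the CMS defaults as assumed here, the log format is assumed to be Apache/nginx combined, and treating a redirect after a burst as a possible successful login is a heuristic assumption; the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed default login paths: WordPress, Joomla, Drupal, DataLife Engine.
# Sites installed in a subdirectory need their prefix added here.
LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php", "/administrator/index.php",
               "/user/login", "/admin.php"}
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"attempts": n, "redirect_after_burst": bool}} for flagged sources."""
    recent = defaultdict(deque)  # ip -> timestamps of login POSTs inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] not in LOGIN_PATHS:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            entry = flagged.setdefault(
                m["ip"], {"attempts": 0, "redirect_after_burst": False})
            entry["attempts"] = max(entry["attempts"], len(q))
        # Heuristic (assumption): a 3xx reply to a login POST from a source that
        # already tripped the threshold may mean a guessed password worked.
        if m["ip"] in flagged and m["status"].startswith("3"):
            flagged[m["ip"]]["redirect_after_burst"] = True
    return flagged

def sample_log():
    """Constructed access-log lines (combined format), not real traffic."""
    fmt = ('{ip} - - [30/Jun/2021:10:00:{s:02d} +0000] '
           '"POST /wp-login.php HTTP/1.1" {st} 512 "-" "-"')
    burst = [fmt.format(ip="203.0.113.7", s=s, st=200) for s in range(6)]
    burst.append(fmt.format(ip="203.0.113.7", s=6, st=302))
    normal = [fmt.format(ip="198.51.100.20", s=30, st=302)]  # one ordinary login
    return burst + normal

if __name__ == "__main__":
    for ip, info in find_bruteforce(sample_log()).items():
        print(ip, info)
```

A source flagged with `redirect_after_burst` set is the case to review first: check which account logged in, reset its password, and confirm multi-factor authentication is enforced for it.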

That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
