Recent Hacks on Forums Show Platforms Remain Vulnerable to Fundamental Exploits

vbulletin-hacksThe latest hacks on Ubuntu, Clash of Kings, Warframe, and most recently, Disney’s Playdom have two things in common—all run on vBulletin, an internet forum software designed for online communities, and all got hacked. Although these incidents were not connected, reports say that hackers behind each attack were able to steal similar details—usernames, email addresses, IP addresses, and Facebook profile data for the two popular games.

Forum Software: An Underappreciated Risk

These recent forum hacks demonstrate how popular online platforms remain vulnerable to fundamental exploits. Unfortunately, even though the look and feel of most internet platforms has generally changed, managing forum software continue to be a difficult challenge as these platforms are exposed to the public—meaning most databases remain vulnerable to specific types of attacks.

Forum software has always been a tough thing to secure. They process lots of incoming user input such as searches and posts, a SQL database that requires maintenance of all previous posts, and they are generally administered by small development teams—making it inevitable for oversights to occur. Upgrading forum software is generally a non-trivial task and the updates take some time to be released, which is probably why most admins do not update right away.

In the Clash of Kings hack incident, and possibly others, the hacker took advantage of an unpatched bug—reportedly because the CoK forum was using a vBulletin version that dates back to 2013, and that it didn't use any encryption. In the case of the incidents that affected Ubuntu and Warframe, attackers were able to exploit an SQL injection vulnerability, making it an apparent favorite tool among hackers. However, minor oversights, such as relying on older or outdated software, or not implementing the latest patch, magnify the risks.

In June 2016, a hacker stole tens of thousands of accounts from over a thousand popular forums hosted by VerticalScope, a Toronto-based media company. Based on the breach notification site, LeakedSource, the scope of leaked data may have been greater than first expected. Again, the string of breaches illustrates that the forums impacted by the hacks fall way short of what today's security landscape demands: stronger encryption and consistent patching to address known security flaws.

What happens to stolen data?

End-user credentials such as usernames and passwords are a common target of attackers, and can offer a considerable long-term value for further attacks and fraud. Cybercriminals leverage the financial value of data when monetizing the information they steal—with amounts that vary depending on the type of information. For example, in the Brazilian underground, a list of landline phone numbers may be priced between $317 and $1,931, while a set of email credentials can be sold in the Chinese black markets for a cheaper price of $163. Work and personal email addresses can be sold in the Russian underground for as much as $200.

[READ: A Global Black Market for Stolen Personal Data]

Cybercriminals do not only peddle stolen data. They can also use the data to cause personal distress, damage an unknowing user’s reputation, commit identity theft, expose private information to the public, and even compromise corporate accounts and use them as a gateway to breach an enterprise’s network.

Building a defensive wall

Although passwords were not included in the stolen data of the recent hacks, compromised accounts can still be a goldmine for attackers as usernames and other credentials can also be key to breaking into additional online accounts—as evidenced in the breach reports. For instance, if an attacker has access to the victim’s email account, they can use botnets that could proactively find other online accounts where that email is used and obtain the password. As such, users must apply good security practices such as using complex and unique passwords. If users are aware of a breach, they should immediately reset passwords to prevent from becoming a victim.

Platform owners are responsible for their users’ security and privacy. For system administrators running a vBulletin install, applying available patches and software updates should be mandatory.

Trend Micro Deep Security offers anti-malware solution with web reputation, network security that includes intrusion detection and protection (IDS/IPS) to shield unpatched vulnerabilities, as well as a firewall to provide a customizable perimeter around each server. It also provides system security, including file and system integrity monitoring for compliance, as well as log inspection to identify and report important security events. To protect endpoints, Trend Micro Vulnerability Protection blocks known and unknown vulnerability exploits before patches are deployed, blocks all known exploits with intrusion prevention signatures, protects endpoints with minimal impact on network throughput, performance, or user productivity, and shields operating systems and common applications known and unknown attacks.
HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.