Is Rutube alive or dead? What happened to the Russian video hosting service that "deleted the code"

Hacking and code deletion, or a PR campaign? The Russian video hosting service Rutube was down for several days, and the reasons are still unknown.

What happened?

On May 9, news reports described massive hacker attacks on television channels and Rutube. The video hosting site could not be opened for more than a day, and the problem turned out to be serious, since it was impossible to simply restore everything from backup copies.

On the same day, a provider of television channel schedule information was hacked. On March 11, Rutube became available to users again, the service team announced.

How was the attack or attacks organized?

Alexander Gerasimov, director of information security and co-founder of Awillix, believes that this was a supply chain attack: instead of attacking the end target directly, the attackers go after a weaker link in its supply chain.

If a supplier can be compromised, its customers can be reached through it. In this case, by hacking one TV channel schedule provider, the attackers gained serious influence over the entire chain.

But, according to Gerasimov, there is no 100% certainty that this is exactly what happened. There are reports that the providers were not hacked and that the substitution took place on the side of the built-in IPTV player. An IPTV player is a program that allows you to watch streaming video on your computer.

Therefore, an investigation is needed that considers scenarios with not only an external but also an internal violator. The attack could have been carried out from within the supplier's organization, Rutube notes.

Following the attack on Rutube, two versions of what happened are most commonly discussed in professional cybersecurity communities:

  1. Poor network segmentation: a breach in one place made it possible to reach the critical elements of the infrastructure and disable them.
  2. The presence of an internal attacker (a disloyal employee) who either compromised the infrastructure himself or helped outside attackers gain the necessary access.

Among the ways in which the attackers could have gotten into the internal network, Gerasimov identified several main ones:

  • Source code of low quality from a security standpoint.
  • Vulnerabilities in the external IT infrastructure and the web environment of the service itself.
  • Vulnerabilities in the logic of the service.
  • Vulnerabilities in third-party components and libraries.
  • Use of outdated software.

What was damaged in the attack?

Key elements of the service infrastructure were affected by the attack. According to Gerasimov, these elements were possibly encrypted, which is why the video hosting service could not be restored immediately.

“There are many examples of ransomware being used where the victim is subsequently asked for a ransom. This type of attack is capable of blocking the work of the largest organizations and their infrastructures. Millions of companies have already been subjected to such attacks; for example, there was the shutdown of the largest oil pipeline in the United States, American Pipeline, or the blocking of the work of the largest international meat producer, JBS,” said Gerasimov.

Previously, DDoS attacks were considered the main threat to domestic resources. But recently, attacks have become more complex.

“In the case of Rutube, it is also alarming that, having gained access at this level, the attackers could control all data, including personal information about users of the service,” the expert believes.

Have there been similar attacks before?

Any attack on suppliers is global in nature, and this is the most dangerous type of attack.

“The most high-profile cases in recent times were attacks on the largest software providers such as Kaseya and SolarWinds, as a result of which millions of companies and government agencies around the world suffered,” said Gerasimov.

How not to fall under the same attack again?

A low level of security can be corrected using standard methods. In particular, timely penetration testing and security analysis of the system and application source code are required. During such checks, various attacker actions are simulated; as a result, companies and Internet services learn about all kinds of problems in their security and can quickly eliminate them.
