What was it all about?
Thursday, July 19, 2018
Doctor Web’s 2017 report on the presence of a vulnerability on Russia’s civil service website made headlines across the world’s online media outlets.
- Dr.Web discovered malicious code on the civil service portal. "Gosuslugi.ru": The threat is not severe
- Doctor Web reports malicious code found on civil service portal
- Dr.Web discovered unknown malware on the Russian civil service portal. The anti-virus developer Dr.Web discovered an unknown virus on the civil service portal. According to its security researchers, the malicious code could at any moment infect the computers of the site’s 50 million registered visitors.
- Dr.Web: Civil service portal compromised by dangerous malware
- Doctor Web: gosuslugi.ru may steal user data at any moment
- Doctor Web: Russian Federation's civil service portal hosts malicious code
- Dr.Web reports civil service portal infected by personal-data-stealing malware
- Doctor Web: Malware infecting civil service site poses severe threat to users
- Was the civil service site really compromised? Expert opinion
Those were typical news headlines at the time.
Meanwhile, the text of our announcement contained no references to viruses or malware being present on the portal.
Doctor Web: Russian Federation Government Services Portal (gosuslugi.ru) compromised and could start infecting visitors and stealing information at any time
Doctor Web specialists have detected potentially malicious injected code of an unknown source in the Government Services Portal of the Russian Federation (gosuslugi.ru).
What actually happened? And how dangerous was the incident?
To understand the situation, let's compare it with the MeDoc breach in Ukraine. At first glance, the incidents aren’t comparable: on the one hand, we have just an announcement with no infected computers, and on the other hand, we have a real outbreak with a large number of infections. But that's only at first glance.
In reality, the incidents have a great deal in common:
- A backdoor that threat actors could exploit to deploy or remove malicious code (on the site or in the product update releases).
- The attackers remained inactive for quite some time after they deployed their backdoor.
So, the vulnerability that Doctor Web discovered back then was a backdoor that could potentially be used by threat actors to carry out their activities. The discovered code was not a Trojan or a virus, but it could perform malicious tasks whenever criminals needed it to. The Ukrainian company's infrastructure was infected in a similar fashion.
What did the attackers try to accomplish by deploying the code? Did they really want to use the backdoor to target multiple computers? We'll probably never know. But it could have happened at any moment.
The Anti-virus Times recommends
- Vulnerability scanners can't solve all security problems, and they won't notify you about dangers they know nothing about since they can only detect vulnerabilities that have already been discovered.
- Statistics show that 80% of websites are vulnerable.
- A threat may lurk on each one of them.
- Doctor Web discovered just ONE piece of malicious code on ONE site. No one knows how many backdoors of this kind are scattered across the World Wide Web.