A new battle front just opened up in the corporate espionage cyberwar. Security firm TrapX has released information on a new attack that appears to be focused on shipping and logistics firms, and is being delivered via hand-held inventory scanners made by a specific manufacturer in China. The wireless devices appear to contain malware that once connected to a company’s corporate network targets enterprise resource planning (ERP) servers and attempts to compromise them through a variety of known weaknesses. If successful it then facilitates the installation of command-and-control malware that provides a backdoor on the compromised server to an unidentified location in China. The manufacturer of the scanners has denied the devices were intentionally shipped with the malware, but their close proximity to the Lanxiang Vocational School (allegedly tied to other infamous hacking incidents) has raised security eyebrows everywhere.
What this means for you:
It’s a safe bet that you probably won’t be directly affected by this particular hacking vector unless you are one of the handful of firms who bought and used the devices before the manufacturer rectified the issue. However, this is just another crack in the dangerously swollen dike that is technology security, and the white hats are rapidly running out of fingers and toes with which to plug the holes. The fact that the Chinese have targeted supply chain technologies means they are fishing for big data to steal, and the amount of money (and power) at stake is enough for the bad guys to continually search out new ways to compromise and breach businesses. They know they have the good guys over a barrel, as we have to continually try to guess where the next mole will pop up in a playing grid with an infinite number of holes. Will we get to a point that we have to run a malware scan on anything with electronics and a means to transmit data? It’s starting to look that way.
Numerous sources are reporting that web services provider GoDaddy.com is currently suffering from a severe, widespread outage of its DNS and webhosting services, crippling thousands of its customers’ websites. GoDaddy’s website and phone support are also unavailable. Though GoDaddy is not commenting on the reason for the outage, responsibility for the outage is being claimed by hacker “Own3r” who is allegedly the Security Leader of the infamous hacktivist group “Anonymous“.
— Anonymous Own3r (@AnonymousOwn3r) September 10, 2012
What this means to you:
GoDaddy is one of the world’s largest domain registrars, and by default, also one of the largest DNS providers as well. The easiest way to explain DNS is to liken it to a directory that matches the domain name (e.g. “c2techs.net”) with that website’s actual IP address (eg. “184.108.40.206”). Whenever you type a domain name into your browser, you are actually reaching out to that domain’s “name server” (hence “DNS”) so that your browser knows where to find the webserver that serves pages for that particular domain name.
Even if your site isn’t hosted by GoDaddy, if the above attack has taken GoDaddy’s DNS servers offline, your site is still unreachable unless the browser (or the human behind it) knows the IP address of your domain name and uses that instead.
What can you do about it:
While their service is down, not a whole lot. Once they come back online, you can transfer any GoDaddy services to any number of other providers. I use Hover.com and have been very happy with their simple and low-key approach. If you’ve registered domains with GoDaddy, then you are more than capable of handling the transfer process, especially if you start the transfer from Hover.com, but there are a few gotchas here and there that may complicate the process. Website transfers are a bit more complex, and unless you are an accomplished website administrator, I’d suggest you contact us for help. C2 Technology provides a full complement of web services including domain registration, website design and hosting.