Ensuring your server is protected 24/7 is of critical importance and a new Apache exploit that uses the server platform as part of a scam to acquire online bank details has reaffirmed the need for security. Dark Reading reports Eset has discovered an Apache attack that adds malware to web pages on a web server, which is able to hide its presence. The malware then convinces the Apache software into infecting a visitor’s PC with the software, which can then be used to steal banking logins and passwords.
Security intelligence program manager for Eset Pierre-Marc Bureau explained the company was worried when it unearthed the vulnerability, which has the potential to be very widespread. “More than half of all web servers on the internet use Apache, so when we discovered a malicious Apache module in the wild last month, being used to inject malicious content into web pages displayed by compromised web servers, we were understandably concerned,” he remarked.
Once infected, it triggers a pop-up message asking a user for his or her banking details, which, if entered, are forwarded on to the creator of the exploit. Mr Bureau explained it is unclear how the vulnerability was initially exploited, adding: “This is a malicious module installed on an otherwise non-malicious server. This implies the controls protecting server access were circumvented or there is an insider involved.”
He speculated that the team behind the attack is “probably a gang specialising in such attacks, then renting ‘traffic’ to other groups”. This is one of many exploits that could negatively affect a business, so having strong security in place is key. CIO.com recently advised small firms to make use of cPanel, a program that simplifies the backup process, so enterprises’ information will still be safe in the event of a database being attacked or failing.
It also suggested using a virtual private network as an extra layer of protection if a firm is making use of sites that are known targets for hackers.