When it comes to an organization’s security, business email compromise (BEC) attacks are a big problem. One primary reason impacts are so significant is that attacks often use a human victim to authorize a fraudulent transaction to bypass existing security controls that would normally be used to prevent fraud. Another reason is that social engineering lures may be expertly crafted by the attacker after they have been monitoring a victim’s activity for some time, resulting in more effective phishing campaigns with serious security implications.
Over the past year, there’s been an increasing trend of WordPress malware using SQL triggers to hide malicious SQL queries within compromised databases. These queries inject an admin level user into the infected database whenever the trigger condition is met.
What makes this especially problematic for website owners is that most malware cleanup guides focus on the website files and data within specific database tables — for example, wp_users, wp_options, and wp_posts.
Realtime Blackhole Lists (RBLs) can be a great tool in your security arsenal. You may not know you’re using them, but all email providers and company email servers leverage these services to verify whether servers and IP addresses are sending spam or other abusive content against a known list of offenders.
These services use a number of methods to compile lists of IP addresses reputed to send spam, mostly populating them using honeypots drawing them in with “poison” email addresses to act as victims.
Aside from providing significant protection from a wide range of threats, the Sucuri WAF also acts as a CDN due to its caching capabilities and regional PoPs — often performing even better than dedicated CDNs based on recent tests.
CDNs can significantly help speed up your website by storing and delivering content as close to the browser as possible, using servers dedicated to that task. What’s more, properly configured caching settings are the best defense against DDoS attacks.
It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click a phishing URL or download a malicious attachment.
To support these activities, attackers seek out tools that assist in the mass sending of malspam (malicious spam) emails from a compromised website. PHP scripts like Leaf PHPMailer are well suited for this task.
Hacktool Analysis: Leaf PHPMailer
Leaf PHPMailer is a PHP mailer hacktool that lets an attacker send out large amounts of malspam emails from a compromised website’s web server.