Malware Defense Part 1: Identify the Attack

This is a part of the THiNC.technology blog series. THiNC.technology is located in East Lansing, MI and develops custom software including mobile apps and websites. Today’s topic specifically covers the Malicious Attack Types most commonly found.

So how many of us have had THIS problem? You wake up one morning and try to load your website and...

...it’s been hacked!

And if you’re like most of us, you have no idea how it happened. All you can think about is what horrible things they may be doing on your website. Is your information secure? Are they infecting your users with malware? Did they steal anything? Did they hold your information and content for ransom?

Well, over the years of fixing hacks and thwarting dastardly ne’er-do-wells, we have come up with some signs for identifying what type of attack you are facing. Then, in part two of this series, we’ll address your possible action steps: tracking them down and stopping them.

First of all, let’s acknowledge the elephant in the room. You’ve been hacked. It’s probably no solace to you now, but it happens all the time and it’s nothing personal (usually). There is no software written by one person that can’t be hacked by another. If they want in badly enough, they’ll most likely find a way. Most of the time, though, hackers are lazy: they have a “modus operandi” (method of operation) and they leave tell-tale signs.

There are many different kinds of hacks

There is an army of hackers trying to exploit your website and all your developer’s hard work. They’ll try to inject scripts into your website (to redirect visitors, download malware to infect more machines, etc.). They’ll try to “listen” to the information passing through your website (key loggers and sniffers that capture transaction details, usernames, passwords, etc.). They’ll try to take your website down by flooding it with requests (a Denial of Service attack, or DDoS, Distributed Denial of Service, when the flood comes from many machines at once), and they will try to hold your content for ransom (ransomware).

Script Injections

Each of the different types of hacks comes with signs we look for to identify and defeat them. This is not an exhaustive list, nor is it prudent to publish all of the tricks we use to defeat hackers. The vast majority of hackers use code-injection scripts to do their bidding. The hacker will usually first write a program that scans known websites for a specific vulnerability. For example, say they learn that the login script of an old plugin for an older WordPress version has a flaw. They’ll write a script to find the sites running that plugin. Then, once they have that list, they’ll turn another script loose on it that attempts to force entry, or to force the site to save the attacker’s content into your database. The next user who loads that content is exposed to it.

These are usually multi-functional attacks with several components. In the last year to 18 months we’ve seen an increasing level of sophistication. Some even watch their infected files for changes (anticipating that you’ll delete or clean the content, or change permissions to lock them out) and then revert the file to their infected version.
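One practical way to spot both the initial injection and the “revert to the infected version” behaviour is a file-integrity baseline that you keep off the web server and re-run on a schedule. The Python script below is an added example, not tooling from the original post: the directory layout, file contents and the short list of injection markers are constructed for the demo, and the marker list is far from exhaustive.

```python
import hashlib
import os
import re
import tempfile

# Textual markers common in injected PHP/JS. Assumed, illustrative list only;
# real scanners carry hundreds of signatures and still miss novel obfuscation.
INJECTION_MARKERS = [
    re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
    re.compile(r"(assert|system|passthru|shell_exec|popen)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b"),
    re.compile(r"document\.write\s*\(\s*unescape\s*\("),
]


def file_hash(path):
    """SHA-256 of a file, read in chunks so large uploads don't blow up memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """Map every file under root (relative path) to its hash. Store this OFF the server."""
    result = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = file_hash(full)
    return result


def compare(root, known):
    """Re-hash the tree and report what changed relative to the stored baseline."""
    current = baseline(root)
    return {
        "added": sorted(set(current) - set(known)),
        "removed": sorted(set(known) - set(current)),
        "modified": sorted(p for p in current if p in known and current[p] != known[p]),
    }


def injection_markers(path):
    """Return the marker patterns that match the file's text (empty list if clean)."""
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        text = f.read()
    return [m.pattern for m in INJECTION_MARKERS if m.search(text)]


def demo():
    """Build a constructed mini site, baseline it, 'infect' it, and run the check."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "index.php": "<?php require 'wp-blog-header.php'; ?>\n",
            "wp-content/plugins/old-login/login.php": "<?php echo 'login form'; ?>\n",
        }
        for rel, content in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write(content)
        known = baseline(root)

        # Simulated infection: an obfuscated eval appended to an existing file
        # ('c3lzdGVt' is just base64 of "system"; the payload content is irrelevant here)
        # and a dropped web shell in the uploads directory.
        with open(os.path.join(root, "index.php"), "a") as f:
            f.write("<?php eval(base64_decode('c3lzdGVt')); ?>\n")
        dropper = os.path.join(root, "wp-content", "uploads", "cache.php")
        os.makedirs(os.path.dirname(dropper), exist_ok=True)
        with open(dropper, "w") as f:
            f.write("<?php system($_POST['cmd']); ?>\n")

        diff = compare(root, known)
        markers = {}
        for rel in diff["added"] + diff["modified"]:
            hits = injection_markers(os.path.join(root, rel))
            if hits:
                markers[rel] = hits
        return {"diff": diff, "markers": markers}


if __name__ == "__main__":
    report = demo()
    print(report["diff"])     # {'added': ['wp-content/uploads/cache.php'], 'removed': [], 'modified': ['index.php']}
    print(sorted(report["markers"]))
```

Run `compare` against the saved baseline on a schedule (cron every few minutes is plenty). A file you cleaned that shows up as modified again shortly afterwards, with the same marker hits, is the reverting behaviour described above, and the process doing it is what you need to find before cleaning again.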

Hackers don’t build things; they tear things down. Hackers are lazy. They look for the lowest common denominator to attack, preferably one they can automate. That’s why it’s important to keep your site and its plugins up to date. (We’ll talk about updating in another post.) Most of the time we see an SQL injection or a “script attack,” where the attacker places code that changes the intent of the page. The two are related but distinct: an SQL injection sneaks attacker text into a database query that was built by pasting user input into the query string, while a script attack (stored cross-site scripting) plants HTML or JavaScript in content, such as a comment, that your site later serves to other visitors without escaping it. For example, you may open a comment and find that it has redirected you from the page you intended to one selling Viagra. Or, if they don’t redirect you, they’ll at least post content with links in the hope that no one deletes the entry. Injections are usually lower on the panic scale and usually aren’t hard to track down and delete. And these are almost always automated, so the hacker fires the script and forgets.
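As an added illustration (not code from the original post), here is a small Python demo of the two injection flavours just described: a login lookup built by string concatenation, which lets an input like `nobody' OR '1'='1` rewrite the WHERE clause, beside the parameterised version; and a stored comment rendered without HTML escaping, which lets a planted `<script>` redirect run in every visitor’s browser, beside the escaped version. The in-memory database, table names and the spam URL are constructed for the demo.

```python
import html
import sqlite3

SPAM_URL = "http://example.invalid/pills"  # constructed; the .invalid TLD never resolves


def make_db():
    """In-memory stand-in for a CMS database (constructed for the demo)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'not-a-real-hash')")
    return conn


# --- SQL injection: the database side ---
def find_user_vulnerable(conn, name):
    """Builds the query by concatenation, so the input can rewrite the WHERE clause."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    """Parameterised query: the driver passes the value separately, never as SQL text."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


# --- Stored script injection: the page side ---
def store_comment(conn, author, body):
    """Saving the comment is harmless; the damage happens when it is rendered unescaped."""
    cur = conn.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))
    conn.commit()
    return cur.lastrowid


def render_comment_vulnerable(conn, comment_id):
    """Drops database text straight into the page: a planted <script> executes."""
    author, body = conn.execute(
        "SELECT author, body FROM comments WHERE id = ?", (comment_id,)
    ).fetchone()
    return f"<p><b>{author}</b>: {body}</p>"


def render_comment_safe(conn, comment_id):
    """Escapes on output: the same text is shown literally as &lt;script&gt;..."""
    author, body = conn.execute(
        "SELECT author, body FROM comments WHERE id = ?", (comment_id,)
    ).fetchone()
    return f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"


if __name__ == "__main__":
    db = make_db()
    payload = "nobody' OR '1'='1"
    print(find_user_vulnerable(db, payload))  # ['admin']  (the check was bypassed)
    print(find_user_safe(db, payload))        # []
    cid = store_comment(db, "spammer", f"<script>location='{SPAM_URL}'</script>")
    print(render_comment_vulnerable(db, cid))  # live redirect for every visitor
    print(render_comment_safe(db, cid))        # harmless text
```

The sign to look for on a compromised site is the second case: rows in your comments or posts table whose body contains `<script>`, `<iframe>` or an unfamiliar link, which the first case may have been used to write.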

Loggers & Sniffers

Key loggers and sniffers are much more devious. In our experience they are usually associated with a live person who has accessed your website. It could be that someone in your organization clicked link-bait and the hacker then installed a malicious script to spy on you. It could be that a weak password let the attacker walk in. These are usually the most damaging types of web attacks, in that they can harvest the information you store in your database: personal data, credit cards, financial status, even health history.

In our experience this is usually done by an organized group rather than a lone-wolf actor. Getting a website to publish a script that sells a hacker’s illegal pharmaceuticals is far less effort than getting a program to install on a machine. The logger has to be delivered through the browser, and then it has to record and transmit whatever is typed on the user’s computer or into the website (front end and back end).

Key loggers record what you type into the website; sniffers try to intercept data as it is transmitted, looking for credentials and operational weaknesses they can exploit. A sniffer on the network only sees what travels in the clear, which is one reason to serve everything over HTTPS; a logger injected into the page itself, on the other hand, sees the form fields before they are ever encrypted. Both are nasty and can obviously do a lot of damage.

If they can get in, they can take full control of the website and can even record everything you type or do, including on your own computer when you are not on the site. This is usually what’s behind the news reports about hacks that stole credit card numbers or identities.

DOS Attacks

Denial of Service attacks come in many versions and tactics. This type of attack doesn’t try to force its way in; instead it ties the server up with so many requests for the page that it can’t serve anyone else, or simply crashes. These attacks are dedicated to bringing your site down. They send dummy traffic that overloads your server and makes it unavailable. Sometimes this is easy to stop once it starts, since the traffic may come from one place and target one specific function, so you can block that source. Sometimes they’ll use a Distributed Denial of Service attack (DDoS), which sends traffic from many compromised machines all over the world, making it very hard to single out a source. By the time you’ve blocked one IP address, they’re on to another.

These take websites down until the load subsides or the traffic can be filtered. This is what you’ve probably heard in the news when they say a “site was taken down.” Hacktivist groups such as Anonymous use this tactic, as do extremist groups, and some foreign actors and states operate this way too. DDoS attempts happen to everyone; every day there is some kind of attempt on a major website.
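To show the difference between a single-source flood and a distributed one in the evidence you actually have, the web server’s access log, here is an added Python example (not from the original post). It parses Apache-style combined-log lines and counts requests per source IP and per requested path in one-minute windows: a single flooder trips the per-IP limit, while a distributed flood of 40 bots hitting one endpoint stays under the per-IP limit and only shows up when you count by path. The log lines, the IP addresses (TEST-NET ranges) and the thresholds are constructed for the demo.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache "combined" log format; assumed layout for the constructed sample below.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse(lines):
    """Yield (ip, timestamp, path) for every line that matches the format."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("path")


def flood_report(lines, window=60, per_ip_limit=100, per_path_limit=300):
    """Flag single-source floods (one IP over the limit in a window) and
    distributed floods (one path over the limit, spread across many IPs)."""
    ip_hits = Counter()
    path_hits = Counter()
    path_sources = defaultdict(set)
    for ip, ts, path in parse(lines):
        bucket = int(ts.timestamp()) // window
        ip_hits[(bucket, ip)] += 1
        path_hits[(bucket, path)] += 1
        path_sources[(bucket, path)].add(ip)
    single = sorted((ip, n) for (_, ip), n in ip_hits.items() if n > per_ip_limit)
    distributed = sorted(
        (path, n, len(path_sources[(b, path)]))
        for (b, path), n in path_hits.items()
        if n > per_path_limit and len(path_sources[(b, path)]) > 1
    )
    return {"single_source": single, "distributed": distributed}


def sample_log():
    """Constructed access-log lines, not real traffic. Addresses are from the
    documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24."""
    base = datetime(2016, 10, 10, 13, 55, 0, tzinfo=timezone(timedelta(hours=-4)))

    def line(ip, sec, path):
        ts = (base + timedelta(seconds=sec)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

    lines = [line("198.51.100.7", i * 10, "/") for i in range(5)]        # one normal visitor
    lines += [line("203.0.113.9", i % 60, "/") for i in range(150)]       # single-source flood
    lines += [line(f"192.0.2.{n}", (n * 7 + i) % 60, "/xmlrpc.php")       # 40 bots, 10 hits each
              for n in range(1, 41) for i in range(10)]
    return lines


if __name__ == "__main__":
    report = flood_report(sample_log())
    print(report["single_source"])  # [('203.0.113.9', 150)]
    print(report["distributed"])    # [('/xmlrpc.php', 400, 40)]
```

Blocking `203.0.113.9` ends the first flood. The second one would survive that treatment, because no single bot crosses the per-IP limit; the useful response there is to rate-limit or temporarily disable the targeted endpoint, which is why the report carries the path and the number of distinct sources rather than a list of addresses.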

Ransomware

This type of software has gotten quite a bit of publicity lately. What happens with ransomware is that someone gets access to your files and then locks you out of them, usually by encrypting them in place, sometimes by copying them off and deleting the originals from your server. After that they send you a message demanding money to give your content back.

This has been all over the news as of late: a hospital in Kansas was hit with one of these attacks. A public utility in Michigan was crippled by another, this one in my own backyard. They usually get access by tricking an employee into clicking a fake link that actually installs the malware, or by guessing passwords. Police departments have been victims of ransomware themselves; it knows no bounds.

And even if you comply and send the money, they may hit you up for more. That has been a trend lately: hackers taking the money and not releasing the site. Once they have your files, there is little you can do after the fact short of restoring from a backup they couldn’t reach. (We’ll discuss what to do in the next blog.)

Identifying the type of attack is important to determining the best course of action. Not all malware is the same, even though some are very similar. At THiNC.technology we handle emergency support requests on a daily basis from our clients and those who are infected. None of them are ever the same, but we have come up with several steps to track down the code on a website and we’ll share that with you in the next blog.

THiNC.tank
What is it?

The THiNC.tank is a collaborative entrepreneurial program that combines software development experts, business development gurus, financial mavens, accountants, designers, and attorneys all in one space. Tenants will have their ideas vetted by technology and business experts, and if chosen will be able to produce their innovations in a nurturing and professional environment. THiNC.tank members have created multiple software products and have worked on large scale projects—including successful creation of several tech companies.

If you’ve won a contest, and wonder what’s next...are a researcher who wants to make their ideas a business...or if you have a great idea but don’t have the resources, this is the opportunity for you.


Where is it located?

University Place-Home of THiNC.technology

Located in the top floor of the East Lansing Marriott, the THiNC.tank offers Class A office space via CB-Richard Ellis with a receptionist, conference and training rooms, kitchen, and co-working and ideation spaces. We have space for single entrepreneurs or teams.

We have between 12 and 16 offices available, depending on demand and the configuration of teams or individuals.

The THiNC.tank will provide you with:

• Reception services: Answering incoming calls, booking conference rooms, taking guests or clients to your office, arranging food and beverage service, etc.
• Common Areas: Ideation booths, conference rooms, training room, bathroom and kitchen
• Custodial Services: Cleaning of common areas, trash removal
• Internet: Wireless and connected internet available
• Power: Electricity, heat provided


Who is involved?


The THiNC.tank has a few permanent residents. To handle software, mobile application, web application, website and technology development, we have the software and technology development firm THiNC.technology. For accounting, we have Plus 5 Accounting Services. For shipping, transportation or logistics we have Future Transportation LLC. And legal services may be provided by Edward Christensen, PLLC. We have several venture capital funds, and they will be announced here over the next few weeks.


Why is it needed?


We believe that great ideas happen everywhere, but sometimes in our market resources are scant or hard to find. All of our members have met entrepreneurs who have brought us amazing ideas about changing technology, changing the social fabric, or changing the world. Often, they lack a cohesive team or the coaching and mentorship that can take them to the next level.

• We believe that incubators often aren’t enough, and that the next step of business development still requires teamwork and collaboration.
• We believe that starting up your tech company or product shouldn’t cost you millions of dollars. With our approach, you can start off in positive territory.

How does it work?


We accept applications for the program 3 times a year, in August, December, and May. The application process is straightforward and doesn’t require a fee to apply.

Our Process:
  1. You fill out the forms and return the requested information. It’s that simple. Current tenants and new applicants alike are considered. (New applicants, if chosen, may be required to rent space onsite).
  2. Then, your application is vetted amongst the THiNC.tank members for its feasibility, market fit, and program fit. The application process is rigorous and you can expect to have your technology scrutinized, your business plan challenged, and assumptions questioned. This is a healthy part of the process, and doesn’t mean you’ll be disqualified. Often it brings the business of the idea into focus, and helps you work towards a more realistic goal.
  3. Once we adjourn, our staff will meet and determine your eligibility. If chosen, you may be offered investment by our VCs and angel investors, so be prepared to present a solid business case for your product. It’s always better to be over-prepared than under-prepared.
  4. Program participants may lease their space and get discounted rates for any services they require (including, in some cases, terms for equity-for-services deals); new applicants also receive a move-in date and an information package. They will have a meeting scheduled with each service provider to review their particular needs as part of this process, and may be required to provide further documentation.
  5. Once you start, you can work with the members of the floor to build your product/service and get it ready for market. We’ll have regular meetings scheduled with staff to check the progress, and will be there to answer any questions you may have about readying it for market.
  6. Your product, service, or business model will be developed and then prepared for launch. We’ll gather resources to put out information for press and social media, and for any PR or Marketing company that you work with. Then, we’ll work with you on the next steps of growth.

When do applications have to be ready?

We accept applications for the THiNC.tank in May, August, and December. The 1st day of those months is the due date for each session, and applications must arrive before 5pm EST on the due date. It may take 2-3 weeks for us to review and vet the applications properly, and this may require you to answer questions or provide some feedback to us.


Who is eligible?


Any US resident may apply. Special consideration is given to Great Lakes region (Illinois, Indiana, Michigan, Minnesota, Ohio, Pennsylvania and Wisconsin) entrepreneurs and businesses, since that’s where we came from, where we live, and our mission is to increase our region’s ability to innovate and provide economic growth.

We will also hear pitches from Non-US based entrepreneurs and companies that meet one or more of the following criteria**:

• Must be able to travel to the US freely*
• No restrictions on trade with you or your country of origin*
• Investment Immigration (EB5)

*Mandatory, required.
**We will not be offering an H1, Student, or other Visa services.

How do I get involved?

• If you are a student and want to make your idea real, then fill out the application form or email 
• If you are an entrepreneur, and want to develop a product or service for business, then fill out the application form or email
• If you are a business, and want the THiNC.tank’s expertise to develop your next product or service, then fill out the application form or email 
• If you are a business, and want to leverage the THiNC.tank’s knowledge for consultation, then fill out the application form or email
• If you are an investor, whether an Angel or an Accredited Investor you can contact THiNC.tank directly at (855)932-9499 x 800 or email 


Mobile Application: Judgment Interest Calculator

Attorneys have for years had to figure out the interest on judgments the hard way, by doing the math on the back of an envelope. Our friends at Legal Pad Apps came to us and asked if we could build something that could help. When we asked a number of other attorneys THiNC.technology is friendly with, they all requested the same thing: “We need a way to figure this out,” and “We need a way to get the numbers we calculate to someone.”

Hey, they might be onto something...

So we started working on the Judgment Interest Calculator (JIC) for both iOS and Android. The build was pretty straightforward: creating functions to perform the mathematical calculations needed to arrive at an accurate figure. Then we found that no one had built a solution for compiling results into a pre-formatted PDF that could be emailed.

Hey, we may be onto something...

THiNC.technology created the plugin for the SendGrid and Appery.io systems. We are using it in the JIC application, and we will be releasing it onto the marketplace for other developers to license. The Android version is done and tested, and the iOS version is finishing its testing at the time this article was written. We’re slated for release in the fall of 2015.