U.S. Department of Labor Website Hacked. Can Georgia businesses learn from this?


You’ve probably already heard that the U.S. Department of Labor’s website was recently hacked. That is true, with one caveat: what was compromised was a microsite, a subdomain of the Department’s main website that runs on a separate server, and it was rigged to serve malware. The affected site is www.sem.dol.gov, which has been offline since May 2nd.

A Site Exposure Matrix, or SEM, is an archive of information on substances designated as toxic that are often found at Department of Energy sites, or at locations where radiation exposure could occur. The “site” in the name refers to worksites, not websites.

Many have theorized that the radiation-related nature of the SEM website means the hack was a targeted attack. It is equally possible, however, that the site was attacked simply because it was more vulnerable than other parts of the Department of Labor website.

The attacker used a malicious JavaScript file that forced the browser to download a file named bookmark.png. To the average user that sounds like an image file, but it is actually a Windows program that cannot run by itself because its first byte has been altered.
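The point above (a Windows executable hiding behind a .png name, with its first byte deliberately broken) is exactly the kind of thing an incident responder wants to check by file structure rather than by file name. As an added example, not code from the original page or from the analysis it summarises, here is a small Python check that classifies a downloaded blob by its real layout. It keys on the fact that a Windows PE file stores the offset of its “PE\0\0” signature at byte 0x3C, so a tampered “MZ” magic at byte 0 does not hide the rest of the structure. The sample bytes it builds are constructed for illustration (a bare header, not a real program), and the function names are my own.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"   # fixed 8-byte PNG file signature
DOS_MAGIC = b"MZ"                # start of a normal Windows executable
PE_SIG = b"PE\x00\x00"           # found at the offset stored at 0x3C (e_lfanew)


def find_pe_signature(data: bytes) -> bool:
    """True if the DOS header's e_lfanew field points at a 'PE\\0\\0' signature.

    This looks past the first bytes entirely, so a tampered DOS magic does not
    hide the rest of the PE layout.
    """
    if len(data) < 0x40:
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew < 0x40 or e_lfanew + len(PE_SIG) > len(data):
        return False
    return data[e_lfanew:e_lfanew + len(PE_SIG)] == PE_SIG


def classify_download(data: bytes) -> str:
    """Classify a downloaded blob by its real structure, not its file name."""
    if data.startswith(PNG_SIG):
        return "png"
    has_pe = find_pe_signature(data)
    if data.startswith(DOS_MAGIC):
        return "pe" if has_pe else "unknown"
    if has_pe:
        # Valid PE layout behind a corrupted DOS magic: it will not run as-is,
        # but it is a Windows executable and certainly not an image.
        return "pe-damaged-magic"
    return "unknown"


def restore_dos_magic(data: bytes) -> bytes:
    """Put 'MZ' back so the sample can be analysed in a sandbox."""
    return DOS_MAGIC + data[2:]


def build_fake_pe(e_lfanew: int = 0x80) -> bytes:
    """Constructed sample: a minimal DOS header plus PE signature.

    Not a runnable program, just enough structure for the checks above.
    """
    buf = bytearray(e_lfanew + 24)
    buf[0:2] = DOS_MAGIC
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + len(PE_SIG)] = PE_SIG
    return bytes(buf)


if __name__ == "__main__":
    pe = build_fake_pe()
    disguised = b"\x00" + pe[1:]          # first byte altered, as described above
    for name, blob in [("real.png", PNG_SIG + b"\x00" * 16),
                       ("program.exe", pe),
                       ("bookmark.png", disguised)]:
        print(f"{name:14s} -> {classify_download(blob)}")
    print("restored        ->", classify_download(restore_dos_magic(disguised)))
```

The “pe-damaged-magic” verdict is the interesting one: a simple magic-number check at byte 0 would report the file as unknown, which is precisely why an attacker breaks that byte. Restoring it is a routine analysis step, and should only be done on an isolated machine.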

Normally a browser will do nothing more than download such a file. This JavaScript, however, contains a function called helo() that triggers CVE-2012-4792, a remote code execution vulnerability in Internet Explorer.

The exploit tricks the browser into skipping its security checks, so the download starts without asking you first, and then attempts to run the downloaded malware. It appears to borrow both its concept and its code from a publicly available Metasploit module. If your copy of Windows is up to date, or you are using Internet Explorer 9 or 10, you are probably safe: the vulnerability affects Internet Explorer 6 through 8 and was patched by Microsoft in January 2013 (MS13-008), so on a patched system the downloaded file should do no harm.

The attack also used a malicious script file with anti-anti-virus techniques: the script checks for one or more anti-virus tools you might be running and attempts to interfere with them to avoid detection. If you are using BitDefender, for example, the script can connect to the product’s local web console and reconfigure it.

Technology security is crucial to your Georgia business. You must take the right steps to ensure that all of your business information, websites and other communication tools are safeguarded. Do you have a business technology security plan? If not, our Georgia IT service team can help design and implement a security plan that fits your business. Contact us today.
