IBR and The Case of Weak Security Controls and Abandoned Websites

In this era of daily evolving technology, organizations are steadily updating their websites with enhanced security features. Still, there are websites whose security can be broken with the simplest form of attack. Threat actor IBR (not the real name) is one of the actors who target websites of this type: sites with weak security controls that give up their data to a simple injection attack or allow a login as administrator. The threat actor also sometimes targets old, abandoned websites, because through the organization's oversight they sometimes still contain old data, which can be extracted and sold on dark web markets for monetary gain.

IBR has a Telegram channel with close to 350 subscribers. The message is written in Arabic and loosely translates to “Vulnerability report of Iranian sites. All bugs reported on this channel are first reported to webmasters.”

IBR does not only target Iranian websites; websites in India, Pakistan, Thailand and many other countries are also targets.

The threat actor gives channel subscribers access to the data on these websites by three methods –

  • Injection attack
  • Providing username and passwords
  • Direct access to the misconfigured page / uploaded shell

Examples –

The threat actor has lately been targeting Indian websites and fetching PII details for monetary gain –

More than 7500 records from the CCAOI organization of India

The threat actor has not only been targeting websites to obtain their databases but also uses a few abandoned websites for bitcoin mining –

It is recommended that all organizations (private and public), schools and colleges test their security controls and perform a secure code review of their websites to mitigate the risks that could result in leakage of data. It is also recommended to go through the records of previous/old websites, find all the abandoned websites that are still live on the internet, and shut them down.
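One way to carry out the inventory check recommended above, as an added example that is not part of the original post: it probes each site in an asset list and flags hosts that are recorded as retired but still answer, or that have not changed in a long time. The inventory format, the status labels, the two-year threshold and the `example.org` hostnames are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
import urllib.error
import urllib.request

STALE_AFTER = timedelta(days=730)  # assumption: unchanged for two years = review
SAMPLE_INVENTORY = {  # constructed sample; hostnames are placeholders
    "www.example.org": "production", "old-portal.example.org": "retired",
    "alumni2012.example.org": "production", "gone.example.org": "retired",
}
SAMPLE_RESPONSES = {  # constructed headers a probe might return
    "www.example.org": {"Last-Modified": "Mon, 03 Jun 2024 10:00:00 GMT"},
    "old-portal.example.org": {"Server": "Apache"},
    "alumni2012.example.org": {"Last-Modified": "Tue, 14 Aug 2012 08:30:00 GMT"},
}

def http_probe(host, timeout=5):
    """Return response headers as a dict, or None if the host does not answer."""
    req = urllib.request.Request(f"https://{host}/", method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as err:  # 4xx/5xx still means a live server
        return dict(err.headers.items())
    except (urllib.error.URLError, OSError):
        return None

def is_stale(headers, now):
    """True when Last-Modified parses and is older than STALE_AFTER."""
    value = {k.lower(): v for k, v in headers.items()}.get("last-modified")
    try:  # HTTP dates are always GMT, so the timestamp is pinned to UTC
        modified = parsedate_to_datetime(value).replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):  # header missing or malformed
        return False
    return now - modified > STALE_AFTER

def triage(inventory, probe=http_probe, now=None):
    """Map each host to 'down', 'retired-but-live', 'stale' or 'active'."""
    now = now or datetime.now(timezone.utc)
    findings = {}
    for host, status in inventory.items():
        headers = probe(host)
        if headers is None:
            findings[host] = "down"
        elif status == "retired":
            findings[host] = "retired-but-live"  # should have been shut down
        else:
            findings[host] = "stale" if is_stale(headers, now) else "active"
    return findings
```

Dynamic pages often send no `Last-Modified` header, so an "active" verdict only means no staleness signal was seen; "retired-but-live" hosts are the ones to shut down first.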

About Cyble

Cyble is an Atlanta, US-based, global premium cyber-security firm with tools and capabilities to provide near real-time cyber intelligence. The company is focused on de-hashing cyber threats at upstream.

This monitoring and notification platform gives the average consumer insights into their personal cybersecurity issues, allowing them to take action as needed. It has recently earned accolades from Forbes as one of the top 20 cyber-security companies to watch in 2020.
