IBR and The Case of Weak Security Controls and Abandoned Websites

In this era of rapidly evolving technology, organizations are steadily updating their websites with enhanced security features. Still, there are websites whose security can be broken with the simplest form of attack. The threat actor IBR (not a real name) is one of those actors who targets websites with weak security controls: sites that give up their data to a simple injection attack or let an attacker log in as administrator. The actor also targets old, abandoned websites. These are attractive because, through organizational oversight, they often still hold old data that can be extracted and sold on dark web markets for monetary gain.

IBR has a Telegram channel with close to 350 subscribers. The channel's description is written in Arabic and loosely translates to “Vulnerability report of Iranian sites. All bugs reported on this channel are first reported to webmasters.”

IBR does not only target Iranian websites; websites in India, Pakistan, Thailand and many other countries are targeted as well.

The threat actor provides channel subscribers with access to the data on these websites using three methods –

  • Injection attack
  • Providing usernames and passwords
  • Direct access to the misconfigured page / uploaded shell

Examples –

The threat actor has been targeting Indian websites lately and fetching the PII details for monetary gains –

More than 7,500 records from the CCAOI organization of India

The threat actor has not only been targeting the websites to obtain their databases, but also uses a few abandoned websites for bitcoin mining –

It is recommended that all organizations (private and public), schools and colleges test their security controls and perform a secure code review of their websites to mitigate the risks that could result in leakage of data. It is also recommended to review the records of previous/old websites, identify all abandoned websites that are still live on the internet, and shut them down.

About Cyble

Cyble is an Atlanta, US-based, global premium cyber-security firm with tools
and capabilities to provide near real-time cyber intelligence. The company is
focused on de-hashing cyber threats at upstream.  

This monitoring and notification platform gives the average consumer insights into their personal cybersecurity issues, allowing them to take action as needed. It has recently earned accolades from Forbes as one of the top 20 cyber-security companies to watch in 2020.
