February 6, 2024 at 01:41PM
Attackers dubbed “ResumeLooters” used SQL injection and cross-site scripting to target at least 65 job-recruitment and retail websites, stealing databases with over 2 million emails and personal records in a month. They mainly targeted victims in Asia-Pacific and put the stolen data up for sale. Group-IB discovered the attacks and has advised on prevention measures.
The “ResumeLooters” campaign targeted job-recruitment and retail websites, with the attackers using SQL injection and XSS to steal databases containing more than 2 million emails and other personal records of job seekers. The attacks primarily targeted victims in the Asia-Pacific region, but compromised companies were also discovered in other regions, including Brazil, Italy, Mexico, Russia, Turkey, and the US. The group used penetration-testing tools such as Acunetix, BeEF Framework, X-Ray, Metasploit, ARL, and Dirsearch. Group-IB gave several recommendations for organizations to prevent both SQL injection and XSS attacks, including using parameterized statements, implementing a web application firewall, and validating and sanitizing user inputs.
The campaign serves as a reminder to organizations to prioritize cybersecurity and stay vigilant against evolving threats, as cybercriminals often target job seekers through various employment scams, exploiting their personal information and credentials. Such attacks are easily avoidable and can be prevented through improved security practices and measures.