Company X came to HackControl concerned that they had found third-party links on their website which they had definitely not posted, and ordered penetration testing from HackControl. We conducted an investigation to identify the origin of these links and pentested the resources.
We found that the website ran on the popular WordPress engine. The third-party links had been placed using a mobile redirect, which forwarded all users to paid services that were subsequently able to withdraw money. In addition, we detected that the links placed on the website used code from a link exchange engine popular on the Runet. By communicating with the content providers that offered monetization services for paid mobile applications, as well as with the owners of an affiliated link exchange program, we discovered the payment details which the attacker had used for payment transactions from the users of the hacked websites. Using those payment details, we identified the attacker. This information was conveyed to the client and later to law enforcement agencies.
The results of the performed activities were as follows:
- Vulnerabilities on the site were fixed
- All outdated software on the server was updated
- Website loading speed was optimized, and as a result SEO metrics were improved
- Anti-DDoS protection was set up
- A CDN was connected to reduce server load
- All shells and backdoors were removed
Penetration testing not only saved the client money but, together with the cyber investigation, helped to put the cybercriminal in jail.