Police Charged British Teen, Aged 18, For Running DDoS-For-Hire Service

A teenage student has been charged with running a supplying malware that was used for launching distributed denial of service (DDoS) attacks against websites of some of the world's leading businesses.

Jack Chappell, an 18-year-old teenager from Stockport, is accused of helping cyber criminals with his DDoS booter service (DDoS-for-hire service) to flood millions of websites around the world with the massive amount of data and eventually bring them down, making them unavailable to their users. 

Among the victims that were allegedly attacked by Chappell's malware are the National Crime Agency (NCA), T-Mobile, O2, Virgin Media, the BBC, Amazon, Vodafone, BT, Netflix, and NatWest that had its online banking systems down in a 2015 cyber attack. 


Chappell is charged following an investigation led by the West Midlands Regional Cyber Crime Unit and assisted by Israeli Police, the Federal Bureau of Investigation (FBI) and Europol’s European Cybercrime Centre (EC3).

According to authorities, the teenager rented his DDoS-for-hire service to criminals and also ran an online helpdesk for would-be hackers as part of his operation.

"He has been charged with impairing the operation of computers under the Computer Misuse Act, plus encouraging or assisting an offense and money laundering crime proceeds together with an American national," West Midlands Police said in a statement.

Chappell is due to appear at Manchester Magistrates' Court on July 4, Tuesday.

Late last year, another 19-year-old student from Hertford (Town in the UK) was pled guilty for running Titanium Stresser DDoS-for-hire service, one of the most popular DDoS booter tool that was used to launch over 1.7 Million DDoS attacks worldwide and brought him an income of more than US$385,000.

This WordPress Plugin is Vulnerable To SQL Injection Attack And Its Been Used by Over 300,000 Sites

A SQL Injection vulnerability has been discovered in one of the most popular Wordpress plugins, installed on over 300,000 websites, which could be exploited by hackers to steal databases and possibly hijack the affected sites remotely.

The flaw has been discovered in the highly popular WP Statistics plugin, which allows site administrators to get detailed information related to the number of users online on their sites, the number of visits and visitors, and page statistics. 


Discovered by Sucuri team, WordPress plugin WP Statistics is vulnerable to SQL Injection flaw that allows a remote attacker, with at least a subscriber account, to steal sensitive information from the website's database and possibly gain unauthorized access to websites.

SQL Injection is a web application bug that allows hackers to inject malicious Structured Query Language (SQL) code to web inputs in order to determine the structure and location of key databases, which eventually allows stealing of the database.

The SQL injection vulnerability in WP Statistics plugin resides in multiple functions, including wp_statistics_searchengine_query().

"This vulnerability is caused by the lack of sanitization in user-provided data," researchers said. "Some attributes of the shortcode wpstatistics are being passed as parameters for important functions and this should not be a problem if those parameters were sanitized."
"One of the vulnerable functions wp_statistics_searchengine_query() in the file 'includes/functions/functions.php' is accessible through WordPress' AJAX functionality thanks to the core function wp_ajax_parse_media_shortcode()."


This function does not check for additional privileges, which allows website subscribers to execute this shortcode and inject malicious code to its attributes.

The researchers at Sucuri privately disclosed the flaw to the WP Statistics team and the team had patched the vulnerability in its latest version WP Statistics version 12.0.8.

So, if you have a vulnerable version of the plugin installed and your website allowing user registration, you are definitely at risk, and you should install the latest version as soon as possible.

Microsoft Outlined Steps To Detect and Prevent Petya Ransomware Via Microsoft Azure

Petya (or NotPetya) Ransomware (Or not ransomware) – it is the second major global Ransomware attack incident in the past two months. Petya, began in Ukraine and then it quickly spread further across Europe and the rest of the world. This Ransomware encrypts a hard drive’s index page until the victim pays the ransom of $300 in Bitcoins. Microsoft in a blog post shared the procedure to prevent and detect Petya through Azure Security Center for its customers.

Petya Ransomware Cyber Attack

Petya ransomware is very similar to the Wannacry attack, in fact, it follows the same pattern. The ransomware locks up a computer’s files and demands $300 Bitcoins as ransom to unlock the data. So far it has hit over 12,000 machines in around 65 countries. Once a system has been compromised, the ransomware takes the following steps:

• Pens a message to the raw disk partition.
• Clears the Windows Event log using Wevtutil
• Restarts the machine
• Encrypts files matching a list of file extensions (including .3ds, .7z, .accdb, .ai, .asp, .aspx, .avhd, .back, .bak, .c, .cfg, .conf, .cpp, .cs, .ctl, .dbf, .disk, .djvu, .doc, .docx, .dwg, .eml, .fdb, .gz, .h, .hdd, .kdbx, .mail, .mdb, .msg, .nrg, .ora, .ost, .ova, .ovf, .pdf, .php, .pmf .ppt, .pptx, .pst, .pvi, .py .pyc, .rar, .rtf, .sln, .sql, .tar, .vbox, .vbs, .vcb, .vdi, .vfd, .vmc, .vmdk, .vmsd, .vmx, .vsdx, .vsv, .work, .xls, .xlsx, .xvd, and .zip)
• Leverages WMI or PsExec to spread
• Presents a text message on the screen of the user, demanding ransom for files recovery.

Prevention Of Petya In Microsoft Azure Security Center

• Deploy Endpoint Protection

Azure Security Center runs a scan against the virtual machines across an Azure subscription. It then makes a recommendation to deploy endpoint protection where an existing solution is not detected, this can be accessed via Prevention section.

• Compute pane

The Compute pane displays the endpoint protection status in detail. This include recommendation for installing Endpoint Protection.

• Selection Of And Installation

Upon clicking on the recommendations on Compute Pane, the user leads to a dialog that allows the selection and installation of an endpoint protection solutions, including Microsoft’s own antimalware solution.

• Availability

Azure Security Center Free tier customers have access to these recommendations and connected mitigation steps.

Detection Of Petya In Microsoft Azure Security Center

• Detection Feature For Standard-Tier Azure Security Center

Standard-Tier Azure Security Center customers can reap the benefits of a recently added new detection feature. This feature specifically alerts on specific indicators related to the Petya ransomware running on an infected host. The security alerts can be accessed by the users through the Detection pane.

• Alert For Petya Ransomware

Alert for Petya ransomware displays as shown in the picture. To view the details of the impacted VM and suspicious process or commandline user needs to click on the alert.

Apply Remediation Steps To All

While the detection alert relates to a specific host, Microsoft advices to apply remediation steps to all on all hosts on the network. This is Petya attempt to spread to other nearby machines.

Microsoft Azure Security Center customers can follow the remediation steps from Microsoft Malware Protection Center (MMPC) blog.