
The Aftermath of a Malicious Python Script Attack

Joe Franscella
August 4, 2016
<p>Movies depict hacking as a dramatic struggle to overtake an adversary, often with little attention paid to how the collateral damage is addressed. So, after a large-scale cyber-security event, what really goes on? Moving on after a coordinated attack has been successfully used against you involves time, money, and, in some cases, humble apologies from the victims.</p><p>Python is a succinct programming language based on simple-to-read code scripts. Programmers can use it to make dynamic object-oriented applications. As with everything, criminals have found a nefarious way to apply it. A malicious Python script can be embedded into other executable applications. Most malware attacks are sent through phishing emails, although <a href="https://www.anomali.com/blog/bepushpythonservant">phishing occurs on social media</a>, too.</p><p>A malicious Python script has many applications. ShellShock is a version which attacks a vulnerability in the Bash utility used to command the Linux or iOS machines on which servers are run. Infected computers can be remotely commanded to perform the hacker’s wishes, including a Denial of Service attack. In this model, many computers are infected with malware running in the background. Their owners are secondary victims used in the service of attacking the primary victim.</p><p>DoS attacks, specifically Distributed Denial of Service (DDoS) attacks, take down the target’s web domain. Bot-infected computers unwittingly send traffic to the target domain in such great volume that actual users are unable to use the site. Anti-malware software and firewalls are not positioned to stop this traffic. Specific assets can be targeted with an influx of hits, but a tidal wave of general traffic is sufficient to cripple a website. The damage can be so severe that <a href="{page_3352}">threatening a Python attack</a> works to blackmail victims.</p><p>Attacks last an average of 72 hours. 
If your website is for e-commerce or another integral piece of your business, a DDoS attack can be particularly devastating. Companies surveyed reported that the costs of resolving a DDoS attack vary greatly by industry and size. Low estimates suggest <a href="http://www.securityweek.com/ddos-attacks-cost-40000-hour-incapsula" target="_blank">damages start from $5000 up to $40K <em>per hour</em></a>. Lost income tops the list of ways in which a malicious Python script attack inflicts hardship. Other damages continue to affect victims after the website’s function is restored:</p><ul><li>Hire experts to investigate the event</li><li>Assign new account numbers or passwords to compromised accounts</li><li>Pay remuneration to third parties victimized through you (customers, students, patients, etc.)</li><li>Pay increased liability premiums</li><li>Diminished trust in web security and the overall brand affects long-term sales</li><li>Theft of or sabotage to intellectual property diminishes efforts to be competitive</li></ul><p>Cyber threats, like a malicious Python script, can take up so much of your IT security staff’s time that they become overwhelmed and distracted. That can create an opportunity for further exploitation like espionage or data theft. With so much to lose, it is no wonder that network breaches cause up <a href="http://www.inc.com/graham-winfrey/how-to-protect-your-company-information-in-the-digital-age.html" target="_blank">to 60% of SMEs to go under</a> soon after a cyber-security crisis. Are you prepared for the event of a DDoS attack? 
Download our guide to creating a threat intelligence model.</p>
Joe Franscella

Joe Franscella is the former Vice President of Corporate Communications at Anomali.
