Delaware, USA – July 12, 2018 – Unknown hackers compromised http://www.videosoftdev.com and several times replaced download links on VSDC video editor redirecting users to attackers’ server. The last replacement occurred on July 6, and it was found by experts from Qihoo 360 Total Security. The investigation revealed that similar attacks also occurred on June 18 and July 2, and this campaign affected users from 30 countries worldwide.
The VideoSoftDev administration has already taken measures to restore content and the normal operation of the site, as well as strengthened its security. There are no details about the method of hacking, but it can be assumed that adversaries brute forced the administrative account. Watering hole attacks are usually carried out by experienced hacker groups and it is difficult to detect them. Last year, there were a number of successful attacks using this technique, such as NotPetya or BadRabbit. One of the reasons for the success is the vulnerability of web resources, which require constant monitoring. Web Application Security Framework for ArcSight can help your SIEM to detect breach attempts and inform the SIEM administrator about any suspicious activity associated with web applications.