How it was possible and is there a danger to users
As a result of the attack on RuTube, more than 75% of the databases and infrastructure of the main version and 90% of backups and database recovery clusters were affected.
Usually, backups are kept for such a case, but in this particular situation the problem, apparently, is that the service still does not understand whether the hacker still has access to the system, The Village wrote.
All code has also been removed and possibly stolen.
What is the danger of this hack for ordinary users? What is the mistake of the developers, which could lead to hacking? What risks do RuTube developers bear?
Ekaterina Starostina
Business Development Director at Orlan
The primary error is characteristic not only of the RuTube team, but of almost all developers in our country. We adopt the best practices of the world community in the field of development with great difficulty; there has always been more trust in foreign software, but almost no one thinks about the reason why.
The whole secret lies in the fact that development should include security. Secure development is now gradually gaining popularity; it includes testing processes at each stage to identify vulnerabilities before the start of operation, which in turn reduces further costs or complete product closure.
It is also a huge mistake to give the entire security process into the hands of one organization: without an alternative opinion, the risks of missing or deliberately turning a blind eye to any mistake are almost inevitable.
Users have different dangers, since the threat of disclosing personal data can lead to irreversible consequences.
Naturally, trust in the service has fallen to a critical level. To correct the current situation, the RuTube team needs to make every effort to minimize the consequences and reconsider its approach to protecting data and its service.
Evgeny Tsarev
RTM Group CEO, expert in cybersecurity and law
The fact that the RuTube team lacks an understanding of whether the attacker still has access to the resource demonstrates that the staff has organizational problems.
Obviously, they do not have a clear list of persons who have access, and there is also no access matrix, which does not allow for guaranteed elimination of the consequences of access compromise.
Removal and theft of code are a great danger, first of all, for the reputation of the service, since the value of the code itself is immeasurably less than the cost of infrastructure and PR of the site.
Well, the only serious threat is that the code may contain other vulnerabilities that have not yet been exploited by attackers. After all, a full-fledged analysis of the security of the resource (at least according to GOST / ISO 15408) has probably not been carried out; there is not even public information about its pentests.
In addition, if such work had taken place, they would certainly have saved the resource from such serious security problems that hackers took advantage of.
Well, for ordinary users, the danger of hacking is fraught with leakage of personal data and, potentially, a decrease in the level of value of video promotion.