This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Syrian Electronic Army attacks several sites for the price of one

Share this article:

It only took one attack last week, but it was enough to allow the Syrian Electronic Army (SEA) to compromise The Washington Post, CNN and Time.  

 

On Wednesday, visitors who clicked recommendation links featured on any of the the victim sites may have been redirected to pages controlled by the pro-Assad hacker collective. The links were said to have contained political messages and did not serve any malicious content.

 

The SEA took claim for the attacks via Twitter, explaining it was facilitated – and in a short time – by a compromised third-party known as Outbrain, a content recommendation service used by more than 90,000 websites and blogs.

 

Access to Outbrain enabled the attackers to infect the targeted sites.

 

A successful phishing attack likely provided the entry in, Chris Wysopal, co-founder and chief technology officer for application security company Veracode, told SCMagazine.com on Monday. He explained that official-looking emails were sent to Outbrain employees, appearing to come from CEO Yaron Galai.

 

Each email contained an embedded link that, when followed, led to a page asking employees to enter their corporate usernames and passwords. At least one phish was successful, and that information was sent back to the attackers.

 

“Once the SEA had those credentials, they could change the content Outbrain published to their customers – [thus] changing the content that is displayed on those websites,” Wysopal said, explaining future implications could be significant, especially if the end goal is something malicious and not just to spread a political message.

 

Outbrain responded by taking down its service and successfully blocking the intruders, making a public announcement and by improving security to prevent these kinds of attacks. All other services on the media websites do not appear to have been affected.

 

Wysopal said third-party organisations must be held accountable and that the media industry and their associates appear to be skimping on security. He said these types of attacks will continue to happen if larger entities that outsource do not work collaboratively with their partners to set defence standards.

 

“To prevent these types of attacks from succeeding, organisations should provide security awareness to their staff to help identify and prevent them from falling prey to spear phishing attacks, implement multi-factor and role-based access controls for corporate social networking accounts, enforce a password policy requiring strong passwords and regular password changes, and conduct regular, thorough account access and vulnerability scanning of internet-facing servers, applications and services,” said Scott Hazdra, principal security consultant at security and risk management consulting company Neohapsis.

 

The SEA has gained notoriety for hijacking Twitter accounts and exploiting vulnerabilities in websites to harvest data. Wysopal said this particular attack was crafty and signals a significant advancement.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Targeted spear phishing campaign targets governments, law enforcement

Targeted spear phishing campaign targets governments, law enforcement

Kaspersky Lab claims to have identified a highly targeted spear phishing campaign that picks on high profile victims - including government, military, law enforcement agencies and embassies.

Malaysian investigators 'hacked' for confidential MH370 records

Malaysian investigators 'hacked' for confidential MH370 records

Around 30 computers at Malaysian law enforcement agencies looking into the disappearance of the MH370 airplane have reportedly been hacked, with perpetrators making off with confidential data on the aircraft.

75,000 reasons not to jailbreak your iPhone or iPad

75,000 reasons not to jailbreak your iPhone or ...

Malicious AdThief malware replaces adverts appearing on Apple users screens