Businesses have again been warned to be on their guard against this simple but effective attack method as it continues to catch out firms of all sizes.
It is unclear when the attack began and at the time of publishing none of the news outlets had responded to V3's request for comment on the attack, although the affected sites had returned to normal. Sophos security researcher, Chester Wisniewski, said the hacktivists managed to wrest control of the sites from the admins using a basic phishing attack.
"Almost always it boils down to the same basic principle. Human frailness. Phishing. Trickery. Lying. Deceit. This time it appears they were able to gain control of the administration panel of content recommendation service Outbrain," he wrote in a blog post.
"Once they were in they were able to plant code to redirect visitors of CNN, Time and The Washington Post to their own website. It is not clear whether they had full administrative control of Outbrain or whether they were simply able to compromise the logins of the three victim institutions."
The Syrian Electronic Army is a prolific hacktivist group that has targeted numerous media outlets and companies with similar attacks. Other key victims this week include SocialFlow and The New York Post. Imperva senior security strategist, Barry Shteiman, said the attacks' basic and uniform nature means companies could easily prepare and protect against them if they implemented even basic information-sharing measures.
"What is interesting with this trend of hacktivists going for the same group of targets is that there are most likely similarities in attack patterns and techniques and even attack sources. There is also a great chance that some of the targets use the same kind of platforms to present their website, so the target becomes similar as well. The reason it is so interesting, is because there is a crowd-sourced approach to solve this problem - sharing attack data between companies," he said.
"Media websites should see themselves as any other website that is trying to keep their website secured, by implementing web protections such as a web application firewall to defend the web applications themselves, alongside DDoS protection to defend against a potential (and likely) flood."
A lack of information sharing about cyber attacks between companies has been a growing concern for many governments.
In the UK, the government has implemented numerous initiatives designed to increase information sharing between the public and private sector as part of its ongoing Cyber Strategy. The largest of these is the Cyber Security Information Sharing Partnership (CISP), which launched in March.
No comments:
Post a Comment