After Twitter, NY Times Hacks, Top Internet Brands Remain at Risk
The Syrian Electronic Army hit multiple targets this week, including Twitter and the New York Times. While the victims have recovered for the most part, many popular brands remain at risk.
Wed, August 28, 2013
Twitter had the most issues to deal with, as their URL-shortening service (t.co) as well as their primary domain and image-hosting service (twimg.com) all had their DNS records altered. The attack was possible because of a social engineering campaign launched by the SEA that targeted MelbourneIT, the registrar responsible for hosting the targeted DNS servers.
According to reports, including those from MelbourneIT themselves, the SEA spent some time on this campaign and created a clever phishing email that eventually snared an unknown reseller's username and password, which granted them access to the domain controls needed to alter DNS settings.
While this attack was bad, things could have certainly been much worse, as other large brands also use MelbourneIT for their DNS, including Yahoo, Google, Microsoft, Adobe, IKEA, and AOL. Fortunately, the account that the SEA compromised didn't share access to those domains.
"Social engineering, and most specifically phishing, is one of the largest attack surfaces we face in the security industry. Hacking through websites and breaching perimeters takes way too much time and is usually not worth the effort. Sending a targeted email to a company almost guarantees you access to whatever you want, and we aren't capable of handling these types of attacks right now," said Dave Kennedy, the creator of the Social Engineer Toolkit and the founder of TrustedSec, in an email to CSO.
"My question to everyone right now is that if they are targeting resellers, outside parties, and people not always in the company, but control certain aspects of an organization, where does this leave our massive exposures in the cloud?"
In the wake of the Twitter and New York Times attacks, several major brands remain at risk. The risk comes from two angles. The first is exposure to social engineering: should an attacker gain access to the DNS controls directly, a situation such as the one that occurred this week could certainly happen again.
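The attacks described above worked by changing a domain's records at the registrar, so one defensive control that follows directly from the article is to keep a known-good baseline of a zone's critical records and compare it against what resolvers return, and to confirm the registrar-side update/transfer locks are in place. The script below is an added example written for this article; it is not code from CSO, Twitter, MelbourneIT, or any other party named here. The domain `example.com`, the `example-dns.net` and `unexpected.example` name servers, the TEST-NET addresses, and the WHOIS status line are all constructed sample data so it runs offline; in practice the observed records would come from a resolver query and the status lines from a WHOIS or RDAP lookup.

```python
"""Detect DNS record drift of the kind a registrar-account compromise produces.

Added example, not code from the article or from any company it names.
A defender records a known-good baseline of the zone's critical records and
periodically compares it with what public resolvers return; any change to
NS or A records that the operator did not make is a high-priority alert.
All record lines and WHOIS output below are constructed sample data.
"""
from dataclasses import dataclass

# EPP status codes a registrar sets when a domain is locked against
# unauthorised updates and transfers; both should be present on a high-value domain.
REQUIRED_LOCKS = {"clientTransferProhibited", "clientUpdateProhibited"}

# How loudly to alert per record type: NS and A changes redirect the whole site.
SEVERITY = {"NS": "critical", "A": "high", "AAAA": "high", "MX": "high"}


@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    expected: frozenset
    observed: frozenset
    severity: str


def parse_records(text):
    """Parse 'owner TTL IN TYPE value' lines (dig answer-section format)
    into {(owner, TYPE): {values}}; comment (';') and blank lines are skipped."""
    records = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        if len(parts) < 5 or parts[2].upper() != "IN":
            raise ValueError(f"unparseable record line: {line!r}")
        owner = parts[0].rstrip(".").lower()
        rtype = parts[3].upper()
        value = " ".join(parts[4:]).rstrip(".").lower()
        records.setdefault((owner, rtype), set()).add(value)
    return records


def diff_records(baseline, observed):
    """Return one Finding per (owner, type) whose value set differs from the baseline."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        exp = frozenset(baseline.get(key, ()))
        obs = frozenset(observed.get(key, ()))
        if exp != obs:
            owner, rtype = key
            findings.append(Finding(owner, rtype, exp, obs, SEVERITY.get(rtype, "low")))
    return findings


def missing_locks(whois_status_lines):
    """Given the 'Domain Status:' values from a WHOIS/RDAP lookup (code first,
    optional URL after it), return the lock statuses that are absent."""
    present = {line.split()[0] for line in whois_status_lines if line.strip()}
    return REQUIRED_LOCKS - present


# Constructed baseline: what the operator recorded when the zone was known-good.
BASELINE = """
example.com.      3600  IN  NS  ns1.example-dns.net.
example.com.      3600  IN  NS  ns2.example-dns.net.
example.com.      300   IN  A   192.0.2.10
www.example.com.  300   IN  A   192.0.2.10
"""

# Constructed observation: the name servers and the apex A record now point
# somewhere the operator never configured, while www is unchanged.
OBSERVED = """
example.com.      3600  IN  NS  ns1.unexpected.example.
example.com.      3600  IN  NS  ns2.unexpected.example.
example.com.      300   IN  A   198.51.100.77
www.example.com.  300   IN  A   192.0.2.10
"""

# Constructed WHOIS status output for a domain that is locked against transfer
# but not against updates, which is exactly the gap a registrar-side change exploits.
WHOIS_STATUS = ["clientTransferProhibited https://icann.org/epp#clientTransferProhibited"]


def run_check():
    """Run both checks on the constructed data and return (findings, missing locks)."""
    findings = diff_records(parse_records(BASELINE), parse_records(OBSERVED))
    return findings, missing_locks(WHOIS_STATUS)


if __name__ == "__main__":
    findings, locks = run_check()
    for f in findings:
        print(f"[{f.severity.upper()}] {f.name} {f.rtype}: "
              f"expected {sorted(f.expected)} got {sorted(f.observed)}")
    if locks:
        print(f"[HIGH] registrar lock(s) missing: {sorted(locks)}")
```

Run as a scheduled job, this reports two findings against the sample data (the changed apex A record and the replaced NS set) and one missing lock; a zone whose observed records match its baseline produces no findings. Comparing value sets rather than raw lines means TTL changes and record ordering do not trigger alerts, so only the changes that matter for hijack detection surface.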