One of the lessons we’ve learned in recent years is that online attacks can come from anywhere. Viruses and spyware were more common to pornography and pirate download web sites five years ago. Today, even the most reputable web sites might be the source of online mayhem. In fact, so-called “watering hole” attacks that exploit legitimate web sites and use them as honey pots to lure the intended victims are all the rage among sophisticated attackers. (For evidence of this, see our recent story on the compromise at the web site of The National Journal, a publication for Beltway policy wonks.) But the Internet still has its dark alleys and bad neighborhoods. And they’re still the source of a lot of malicious activity – especially in connection to run of the mill crimes like spam and phishing attacks. That’s the conclusion of research done by students at the University of Twente’s […]
Trojan
D.C. Insider Site NationalJournal.com Serving Malware
Watering hole -style attacks are all the rage these days, as our recent coverage on the attacks against Facebook and Twitter suggest. That makes us look askance at any report of a web site compromise – especially at a site that’s known to serve an audience that’s of interest to sophisticated, nation-state backed hacking crews. That’s why it caught our attention this week that the web site for the DC-insider magazine The National Journal (nationaljournal.com) was found serving malware. According to a blog post by Anup Ghosh at the security firm Invincea, The National Journal’s Web site was serving up attacks to visitors of the site on Tuesday. The discovery was surprising, as the magazine acknowledged an earlier compromise on February 28th and said that it had since secured its site. That National Journal, part of The Atlantic Media Company, is widely read within Washington D.C.’s political circles. It […]
Many Watering Holes, Targets In Hacks That Netted Facebook, Twitter and Apple
The attacks that compromised computer systems at Facebook, Twitter, Apple Corp. and Microsoft were part of a wide-ranging operation that relied on many “watering hole” web sites that attracted employees from prominent firms across the U.S., The Security Ledger has learned. The assailants responsible for the cyber attacks used at least two mobile application development sites as watering holes in addition to the one web site that has been disclosed: iPhoneDevSDK.com. Still other watering hole web sites used in the attack weren’t specific to mobile application developers – or even to software development. Still, they served almost identical attacks to employees of a wide range of target firms, across industries, including prominent auto manufacturers, U.S. government agencies and even a leading candy maker, according to sources with knowledge of the operation. More than a month after the attacks came to light, many details remain under tight wraps. Contacted by The Security […]
Report Exposes Links Between Chinese Govt., Hacking Group
If you read one story today (besides this one, of course!) it should be The New York Times’ write-up of a just-released, 60-page report (PDF) on a Chinese hacking group known as APT1 by the security firm Mandiant. At a one level, the report doesn’t tell us anything we didn’t already know: APT1 is a professional, hacking crew that operates from within China and with the full knowledge and support of the Chinese Government. Most of us already suspected that. The report is worth reading for the depths of Mandiant’s research into APT \1 and the revelations of just how close the ties are to the Chinese government and, particularly, the People’s Liberation Army (PLA). Specifically: Mandiant is able to parse the findings of around 150 intrusions it has analyzed that are attributable to APT 1 – which is probably some small fraction of all the attacks the group has carried out. […]
Whitelist Goes Black: Security Firm Bit9 Hacked
Application “whitelisting” offers an alternative to signature based malware protection. Rather than trying to spot the bad guys, the thinking goes, just identify a list of approved (whitelisted) applications, then block everything else. But what happens when the whitelist, itself, becomes compromised? That’s the scenario that’s playing out with customers of whitelisting firm Bit9, which acknowledged a breach of its corporate network that allowed unknown assailants to gain control of an application code signing server. The acknowledgement came after Bit9 was contacted regarding the breach by Brian Krebs of Krebsonsecurity.com, which broke the news Friday. Little is known about the incident. In a blog post, Bit9’s CEO, Patrick Morley, said that only three of the company’ s customers were affected. Those customers identified malware on their networks that had been signed by one of Bit9’s code signing servers. The lapse was the result of a breach on Bit9’s own network. […]
