The year just started and it has already been crazy for tech companies like Facebook, Microsoft, Apple, the New York Times, NBC and its affiliate websites. The expansive list of cyber attacks and hacking has been getting longer. While we cannot be certain that the Chinese government is behind these attacks, it is becoming increasingly evident that these are more than just haphazard attacks. There is definitely a line to be traced and most of these attacks seem to be coming from one group having one agenda.
One of the more common hacking concepts being used frequently is the watering hole attack. Instead of hackers hunting down their victims, they wait for the victims to come to them. They do this by identifying a website frequently visited by employees of the target corporation. They then hack the legitimate site and plant an exploit on some of the pages. When employees visit the infected pages, their computers are compromised allowing hackers access to the organization’s internal resources and private information. Most of these attacks have been using Java flaws which target an operating system, the browser or certain types of users.Considering that these attacks are becoming increasingly common, let us review some of the more popular websites that have been targeted from last year all the way up to now.
Facebook Timeline
Facebook, like other significant Internet giants, is a frequent target of hackers.
2012: Early in the year, it was reported that Facebook had been attacked by the Ramnit worm and passwords of over 45,000 users, mainly from the UK and France, had been stolen. The Ramnit worm uses an attack mechanism that is often used to steal banking details and attack corporate networks. Once an account was compromised, it was used to send links to the account’s Facebook friends and when they clicked on the sent links, the worm would be downloaded to their computers and continue the spread. The attack was believed to be taking advantage of the fact that users tend to use the same password in various web-based services making it easy to gain remote access to other corporate networks.
2013: In February, Facebook reported that it was the target of another ‘sophisticated attack’ that targeted employees visiting a mobile developer website that had been compromised. In a blog post, Facebook revealed that the attack was not specific to Facebook and that some companies had been targeted with the same kind of attack that allowed malware to be installed on employee laptops.The attack used a zero-day exploit to bypass the Java sandbox. Oracle has since provided a patch that addresses this vulnerability. Facebook was however quick to point out that there was no evidence that user data had been compromised and promised to continue working with law enforcement entities in order to prevent such future attacks.
Microsoft Timeline
Microsoft has long been a target for hackers and in 2012 and 2013, it reported attacks similar to those reported by other corporations like Apple and Facebook.
2012: Early in the year, Microsoft’s online store in India was temporarily hacked by the Chinese hacker group, Evil Shadow Team. At the day of attack, visitors were briefly greeted with a Guy Fawkes mask and the store’s database of usernames and passwords exposed. Screenshots showed that the passwords had been saved in plain text, which would mean they were completely unsecured. While Microsoft did not comment on the details, it was able to regain control of the site and resume services afterwards.
2013: The same zero-day Java vulnerability that was used on Facebook was also injected into an iOS developer website and used to target Microsoft. It turned out that some of Microsoft’s computers, including in the Mac business unit had been infected although no evidence of affected customer data was found. The Java vulnerability on Mac computers was patched and the malware presence on the infected website appears to have voluntarily ended by the hacker on January 30th. After hacking into an account and modifying the theme that had the injected JavaScript, hackers were able to hack into users’ computers without their knowledge using a sophisticated and a previously unknown exploit.
NBC Timeline
NBC owns a number of websites including such popular specific sites like Saturday Night Live, Jimmy Fallon and Jay Leno pages. NBC has also recently been a target of malicious hackers that are believed to be similar to those that attacked Apple and Facebook.
2012: NBC television network’s websites were hacked on November 4th resulting in dead pages while others failed to work properly. The attacked pages were replaced with a simple page displaying scrolling text that read: “Remember, remember the fifth of November. The gunpowder treason and plot. I know of no reason why the gunpowder reason should ever be forgot.” The hacker identified himself as Psyknic. According to the attacker, ‘user info” and “passwords” had been exposed.
2013: In February, NBC again reported that it had been hacked with its Late Night with Jimmy Fallon and Jay Leno’s Garage sites being infected and compromised with the Citadel Trojan. The attack was what is commonly referred to as a ‘drive-by download’ where users who are simply surfing the Web can stumble upon a hacked website, simply by opening infected pages. The RedKit was used to inject malicious code into the main website. When visitors open infected pages, RedKit checks whether the user is running older and outdated versions of a browser or browser plugins. If it detects an outdated version, it exploits its weaknesses and installs the malicious code into the user’s computer.
Twitter Timeline
Twitter, one of the more recent victims to the hacking onslaughts, is not new to reports of users getting their accounts hacked. Back in 2011, Fox News’ and NBC News’ Twitter accounts were compromised together with PayPal’s UK Twitter feed.
2013: Twitter’s own systems were hacked in early February. The attackers were able to gain access to over 250,000 user accounts including their usernames together with their encrypted and randomized passwords. Burger King and Jeep’s Twitter were also compromised with the former tweeting that the company had been purchased by its rival McDonald’s.
Evernote Timeline
2013: Earlier this month, Evernote reported that hackers had managed to gain access to Evernote’s user information, which includes usernames, email address associated with the Evernote accounts and encrypted passwords. Evernote Operations & Security team first became aware of unusual and potentially malicious activity on the Evernote service on February 28th. Upon taking a closer look they discovered what had taken place. No evidence was found of unauthorized access to the contents of any user account or payment information for Evernote Premium and Evernote Business customers. All 50 million users’ passwords were reset.
There is no doubt that we can expect to see more attacks and likely a few successful penetrations. Even where hackers are unable to collect user data, it’s clear that their ability to access and infect some of the computers in such large corporations that have dedicated security teams is a cause for concern. Let us see what 2013 has in store and what hackers have in store for us.
