Hack of New York Times holds a lesson for all businesses

You may not be the New York Times or Washington Post, but recent attacks highlight weaknesses that all businesses should be aware of.

The New York Times, Twitter, and other major sites were knocked offline yesterday in an attack by the Syrian Electronic Army (SEA). While there is certainly a political motivation to the hacks, there is an underlying lesson that all businesses should learn.

Apparently, the latest attack was the result of sites being redirected at the DNS server level. AlienVault Labs has posted a comprehensive list of domains pointing to the Syrian Electronic Army server as of last night. The WHOIS data for the New York Times domain showed the SEA listed as the admin for the domain, and the name server entries were modified to redirect to the SEA.
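Both changes described above, the swapped admin contact and the modified name server entries, are visible in a domain's registration record, so a defender can catch them by comparing that record against a known-good baseline. The sketch below is an added example, not code from the article or from any party it names; the domain, name servers, contacts and the "Key: value" WHOIS layout are constructed placeholders.

```python
# Added example: compare a WHOIS-style record against a known-good baseline.
# All domains, name servers and contacts below are constructed placeholders.

BASELINE = {
    "name_servers": {"ns1.dns-provider.example", "ns2.dns-provider.example"},
    "admin_email": "hostmaster@news-site.example",
}

# Constructed WHOIS-style text in the common "Key: value" layout.
OBSERVED_WHOIS = """\
Domain Name: NEWS-SITE.EXAMPLE
Admin Name: Unexpected Contact
Admin Email: someone@unrelated.example
Name Server: NS1.UNRELATED-HOST.EXAMPLE.
Name Server: ns2.unrelated-host.example
"""

def parse_whois(text):
    """Collect the name servers and admin e-mail from "Key: value" lines."""
    record = {"name_servers": set(), "admin_email": None}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        # DNS names are case-insensitive and may carry a trailing root dot.
        value = value.strip().lower().rstrip(".")
        if key == "name server" and value:
            record["name_servers"].add(value)
        elif key == "admin email":
            record["admin_email"] = value
    return record

def find_drift(baseline, observed):
    """Return human-readable differences between baseline and observed record."""
    alerts = []
    added = observed["name_servers"] - baseline["name_servers"]
    missing = baseline["name_servers"] - observed["name_servers"]
    if added:
        alerts.append("unexpected name servers: " + ", ".join(sorted(added)))
    if missing:
        alerts.append("baseline name servers missing: " + ", ".join(sorted(missing)))
    if observed["admin_email"] != baseline["admin_email"]:
        alerts.append(f"admin contact changed to {observed['admin_email']}")
    return alerts

if __name__ == "__main__":
    for alert in find_drift(BASELINE, parse_whois(OBSERVED_WHOIS)):
        print("ALERT:", alert)
```

Run on a schedule against a freshly fetched record, a non-empty result is the signal to contact the registrar or hosting provider through an out-of-band channel.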

The Syrian Electronic Army was also reportedly behind recent attacks on The Washington Post. The recent attacks by the SEA have a common thread, and recognizing it is the first step to defending against future attacks.

Darien Kindlund, FireEye's manager of threat intelligence, says the attacks aren't coming through the front door and attacking the sites directly. Instead, they're going after the low-hanging fruit: exploiting weaknesses in third-party affiliates. "With the Washington Post, a third-party advertiser platform was hacked," he says. "With the New York Times, the SEA went after the hosting provider."

Kindlund has some stern advice for the affected organizations. "Targeted media companies need to start to look at their entire infrastructure not as a contained system, but rather, how does their infrastructure integrate with their external partners, as they conduct business online," he says. "The SEA has found the weak link in these giants--it's not a direct attack; it's an attack against their partners (aka 'supply chain')."

He has a good point, but we can extend that a step further to encompass other businesses as well. The task of defending your network and protecting your PCs doesn't end at securing your own business. You have to take a broader approach and consider all of the networks and services your business uses, as well as the partner or supplier networks that are connected with yours.

Before you sign up for a service, or allow a partner or supplier to connect to your network, you need to do your due diligence. Make sure the companies you work with, and grant access to your network, have adequate security measures in place. Ideally, their security measures should be as good as or better than yours. At the very least, you need to know what security controls are in place, so that you know where the weak links in the chain are and can monitor them more vigilantly.

Your network is only as secure as the weakest point that has access to it. For the Washington Post it was a third-party advertising platform. For the New York Times it was a weakness at the Web hosting provider. Where is your weak link?

Stories by Tony Bradley