The New York Times, Twitter, and other major sites were knocked offline yesterday in an attack by the Syrian Electronic Army (SEA). While there is certainly a political motivation to the hacks, there is an underlying lesson that all businesses should learn.
Apparently, the latest attack was the result of sites being redirected at the DNS server level. AlienVault Labs has posted a comprehensive list of domains pointing to the Syrian Electronic Army server as of last night. The WhoIs data for the New York Times domain showed the SEA listed as the admin for the domain, and the name server entries were modified to redirect to the SEA.
The Syrian Electronic Army was also reportedly behind recent attacks on The Washington Post. The recent attacks by the SEA have a common thread, and recognizing it is the first step to defending against future attacks.
Darien Kindlund, FireEye's manager of threat intelligence, says the attacks aren't coming through the front door and attacking the sites directly. Instead, they're going after the low-hanging fruit--exploiting weaknesses in third-party affiliates. "With the Washington Post, a third-party advertiser platform was hacked," he says. "With the New York Times, the SEA went after the hosting provider."
Kindlund has some stern advice for the affected organizations. "Targeted media companies need to start to look at their entire infrastructure not as a contained system, but rather, how does their infrastructure integrate with their external partners, as they conduct business online," he says. "The SEA has found the weak link in these giants--it's not a direct attack; it's an attack against their partners (aka "supply chain")."
He has a good point, but we can extend that a step farther to encompass other businesses as well. The task of defending your network and protecting your PCs doesn't end at securing your own business. You have to take a broader approach and consider all of the networks and services your business uses, as well as the partner or supplier networks that are connected with yours.
Before you sign up for a service, or allow a partner or supplier to connect to your network, you need to do your due diligence. Make sure the companies you work with and grant access to your network have adequate security measures in place. Ideally, their security measures should be as good or better than yours. At the very least, though, you need to know what security controls are in place so you are at least aware of where the weak links in the chain are so you can be more vigilant about monitoring them.
Your network is only as secure as the weakest point that has access to it. For the Washington Post it was a third-party advertising platform. For the New York Times it was a weakness at the Web hosting provider. Where is your weak link?