Hackers compromise popular media outlets

The malware spread to users' machines when they clicked on links to the compromised articles.

One of the common misconceptions regarding safe Web browsing habits is that as long as users stick to established sites, they will not run afoul of malware or hackers. Although avoiding questionable links is always a good practice, it will not always protect individuals from malicious content. For a variety of reasons, members of the international hacking community are constantly attempting to compromise popular websites. The culprits may simply be looking to show off to their peers by orchestrating a high profile breach, but it is just as likely that they are attempting to spread their malware through a conduit that receives tens of thousands of page views each day. To prevent these insidious programs from infecting and corrupting a system, users should maintain robust perimeter defenses such as application control programs along with a system restore and recovery solution in the event that a malicious program becomes pervasive.

According to multiple sources, several high-traffic sites reported experiencing cyberattacks in what appears to be a widespread hacking campaign directed at conservative media outlets. Among those affected by the wave of activity include the Washington Free Beacon, National Journal and the Drudge Report. Cybersecurity researchers identified malicious code embedded in the content of two articles appearing on the Free Beacon’s website. When viewers accessed the compromised articles, they were redirected to executable malware.

Because these articles were hosted by a number of other news outlets, the malware was able to extend its reach. The Drudge Report alone received nearly 2 million unique visitors on the day of the attack, in addition to more than 200,000 mobile-browsing readers. Once deployed, the malware strain creates a backdoor for hackers to steal information, monitor user activity and ensnare machines into their botnet environments.

A display of sophisticated cybercrime
The tactics used by the culprits have demonstrated similarities to waterhole attacks that have become popular with cybercriminals in recent years. These assaults reflect a deepening sophistication of hacker activity as they carry out widespread campaigns while focusing on a narrow range of victims. For example, if a cybercrime syndicate wanted to infiltrate a particular company but didn’t want to risk taking its network defenses head on, it could instead compromise a site frequently used by the company’s employees to spread malware and bypass defenses. In this instance, it seems that the responsible hackers have targeted conservative-minded outlets and individuals.

IT teams managed to remove the threat within approximately 24 hours, but there’s no way of knowing how many users were affected just yet. According to cybersecurity professionals, the malware in question leveraged an unknown Javascript exploit, effectively eluding the threat detection efforts of popular anti-virus programs, so many site visitors may not even be aware that they have been infected. Cybersecurity experts recommended that network administrators perform a full cleanse of their servers to ensure that the threat has been removed.

Protecting networked workstations
Cybersecurity incidents such as this one are of particular concern to organizations that operate publicly accessible computer labs. Users routinely use these machines to access high-traffic websites that can become compromised by malware. To prevent these threats from infecting an entire array of workstations, administrators should deploy system restore and recovery tools to return their computers to their original settings. More sophisticated varieties of this technology allow operators to establish customized configurations that can be restored at anytime. For instance, administrators could organize their computer lab network so that workstations were returned to predetermined settings after each session. This way, whatever malicious content an individual may engage while using a machine will be automatically removed from the system once the session has concluded.

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.