Friday, May 11, 2012

TTPs: Lessons from Today's Amnesty Hack

Via Imperva -

Amnesty International UK's website was hacked, courtesy of a backdoor dropped on visitors' systems. The attack was most likely carried out by a foreign government; many speculate that it's the Chinese. Websense's blog gives a good technical overview of the attack.

But what does it mean for security teams?

In some cases, hackers don’t want to steal the data from the website but rather want to infect the users who are visiting. This can lead to more access to business-critical data which, for example, is often stored as files on a fileserver. In the Amnesty case, the real prize isn't Amnesty's data per se, but the corporate and individual data and files of those who visit the site.


This exact technique has been used by advanced adversaries in previous targeted attacks. Intelligence sources have observed this technique being used in attacks against the US defense industry as well.

July 2011 - Attack On Pacific Northwest National Lab Started At Public Web Servers
