More than 40 companies including Apple, Facebook and Twitter have been targeted in malware attacks linked to an Eastern European gang of hackers using an iPhone-developer website, iPhoneDevSDK.
The hackers are mining for proprietary research and intellectual property they can re-sell underground, with their assault being called a “sophisticated attack” by Facebook and “extremely sophisticated” by Twitter.
RSA Security Inc. has called their tactics a “waterhole” attack, as victims are attracted to the source of the infection. This technique attacks a centralized website with many visitors and secretly infects vulnerable machines using an un-patched exploit. It differs from a targeted attack like emailing a malware-laden attachment to a specific user.
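The distinction above (many visitors to one popular site versus one targeted e-mail) is what a defender can look for in web-proxy logs. The following Python is an added example, not code from the article or from RSA; it assumes a constructed proxy log format (timestamp, client IP, destination host, method, path, quoted User-Agent) and the heuristic that a Java applet served by a site is fetched by the JVM itself, whose User-Agent starts with "Java/". A site from which several distinct internal machines pull a JAR that way, shortly after browsing it, fits the watering-hole pattern; a single machine doing so does not.

```python
import re
from collections import defaultdict

# Constructed sample web-proxy log (not from the article). Fields:
# timestamp client_ip dest_host method path "user_agent"
SAMPLE_LOG = """\
2013-02-19T10:01:02 10.0.1.15 devforum.example GET /topic/1234 "Mozilla/5.0 (Macintosh)"
2013-02-19T10:01:03 10.0.1.15 devforum.example GET /static/helper.jar "Java/1.6.0_37"
2013-02-19T10:04:11 10.0.1.22 devforum.example GET /topic/1234 "Mozilla/5.0 (Macintosh)"
2013-02-19T10:04:12 10.0.1.22 devforum.example GET /static/helper.jar "Java/1.6.0_37"
2013-02-19T10:09:40 10.0.1.31 devforum.example GET /topic/77 "Mozilla/5.0 (Windows NT 6.1)"
2013-02-19T10:09:41 10.0.1.31 devforum.example GET /static/helper.jar "Java/1.7.0_13"
2013-02-19T10:12:05 10.0.1.40 devforum.example GET /topic/77 "Mozilla/5.0 (Macintosh)"
2013-02-19T10:15:00 10.0.1.15 news.example GET / "Mozilla/5.0 (Macintosh)"
2013-02-19T10:15:02 10.0.1.22 news.example GET / "Mozilla/5.0 (Macintosh)"
2013-02-19T10:15:03 10.0.1.31 news.example GET / "Mozilla/5.0 (Windows NT 6.1)"
2013-02-19T10:20:00 10.0.1.55 cdn.example GET /lib/tool.jar "Java/1.6.0_37"
"""

# One line of the assumed log format; the User-Agent is the only quoted field.
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def parse_line(line):
    """Parse one proxy log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, host, method, path, ua = m.groups()
    return {"ts": ts, "client": client, "host": host,
            "method": method, "path": path, "ua": ua}


def find_watering_holes(log_text, min_clients=3):
    """Return {dest_host: sorted client IPs} for every host from which at least
    min_clients distinct internal clients fetched a .jar with a Java/ User-Agent,
    i.e. a Java applet from that site actually ran on several machines.
    The threshold and the Java/ heuristic are assumptions of this example."""
    jar_clients = defaultdict(set)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # skip malformed lines rather than abort the sweep
        if rec["ua"].startswith("Java/") and rec["path"].lower().endswith(".jar"):
            jar_clients[rec["host"]].add(rec["client"])
    return {h: sorted(c) for h, c in jar_clients.items() if len(c) >= min_clients}


if __name__ == "__main__":
    for host, clients in find_watering_holes(SAMPLE_LOG).items():
        print(f"possible watering hole: {host} served a JAR to {len(clients)} hosts: {clients}")
```

On the sample log only devforum.example is flagged: three different machines ran a JAR from it, while news.example is popular but serves no Java and cdn.example served a JAR to a single machine. In practice the flagged site is the pivot for the rest of the response, i.e. which internal hosts to isolate and check for the exploit's payload, which is what Apple describes doing in its statement.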
Apple said Tuesday in a statement, “We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple.” Apple responded by releasing a Java patch for OS X users and a tool that sweeps Mac computers for any Java malware and removes the offending software, which millions of Mac users must now install.
“We know there is a Java problem—most security experts agree with Sophos’ security expert, Paul Ducklin, who has consistently told computer users on any platform to ‘switch Java off,’” according to a blog post by Computerworld. “Putting this into a wider context, as devices become connected (the Internet of Things) and mobile devices proliferate, it’s becoming ever more clear that Java may represent a major threat to the whole edifice of a connected intelligent Web.”
Additionally, both Jeep and Burger King recently had their Twitter feeds hacked, in which the brands’ handles were changed to those of their competitors. The New York Times, The Wall Street Journal, The Washington Post and the U.S. Department of Energy have also been repeatedly hacked.
Bloomberg Businessweek called Mandiant “the go-to security firm for cyber-espionage attacks.” The company, founded by George Washington University grad and former Air Force investigator Kevin Mandia, saw revenues jump 76 percent last year to $100 million. “Outside of the [National Security Agency], I would guess that Mandiant knows more about advanced persistent threats [APT] than anyone in the world,” said Kleiner Perkins partner Ted Schlein.
Mandiant has traced the attacks to a Chinese military unit known as “Advanced Persistent Threat 1,” or APT1, contradicting consistent claims by the Chinese government that it does not engage in cyber-espionage. Mandiant accuses the hacker group, known as the “Comment Crew” or “Shanghai Group,” of “more than 140 intrusions since 2006.”
With more hacks occurring, companies and agencies are beginning to fight back. “Compared to five years ago, more scams, illegal, fraudulent or spammy messages today come from someone you know,” notes Google in a blog post today. “Although spam filters have become very powerful—in Gmail, less than 1 percent of spam emails make it into an inbox—these unwanted messages are much more likely to make it through if they come from someone you’ve been in contact with before. As a result, in 2010 spammers started changing their tactics—and we saw a large increase in fraudulent mail sent from Google Accounts. In turn, our security team has developed new ways to keep you safe, and dramatically reduced the amount of these messages.”
While hacking on a global, political or social landscape has no apparent upside, for brands, there’s a silver lining. “The potential to be hacked is the social-media bogeyman that haunts many brands, but the week’s hacks unveiled a potential upside: an infusion of new followers that neither brand had to spend money to attract,” writes Ad Age. “Burger King grew its follower count from 83,000 to 110,000 inside of an hour.”
Indeed, once back in the driver’s seat post-attack, BK tweeted:
Interesting day here at BURGER KING®, but we’re back! Welcome to our new followers. Hope you all stick around!
— BurgerKing (@BurgerKing) February 19, 2013