Posted: Feb 23, 2013 2:28 PM by Chenda Ngak - MTN News
Like a chain of dominoes, it seems like high-profile companies are continuing to report incidents of security breaches. What these hacks have in common are that they are being publicly reported by the companies, but experts say these attacks are nothing new.
Most recently, Zendesk reported that it was hacked and that its clients Twitter, Tumblr and Pinterest may have been affected. NBC.com was hacked for about 15-minutes Thursday and users were warned that malicious software would infect their computers.
Ryan Sherstobitoff, senior security researcher at McAfee Labs, told CBSNews.com over the phone that these incidents are a sign of things to come.
"From a trends perspective, there is an increase of attacks," Sherstobitoff said, adding that that targeted hacks are not new, but the intended targets of security breaches have shifted.
"To give some specific examples, there's been a shift in malware that's typically been used for financial crime or is banking-oriented that has been repurposed to other entities to gain sensitive data," Sherstobitoff said. In recent months, high-profile companies like Apple, Facebook and the New York Times reported security breaches.
In January, the New York Times reported that Chinese hackers repeatedly penetrated its computer systems over four months. Within days, the Wall Street Journal and Twitter reported similar types of sophisticated cyberattacks. While the attacks made headlines, they were not isolated or new.
"In a broader picture, we've seen these attacks against lots of companies. The Times is just unique in the fact that they reported it," Mandiant security expert Nick Bennett told CBSNews.com in a recent interview.
In a 60-page report, cyber security firm Mandiant says that its "research and observations indicate that the Communist Party of China is tasking the Chinese People's Liberation Army to commit systematic cyber espionage and data theft against organizations around the world." However, the Chinese government denies any involvement in the cyberattacks.
President Obama signed an executive order on Feb. 12 to ramp up the nation's cybersecurity, by enabling government to share more data with private industry partners and create a new framework of practices to reduce cybersecurity risks.
But Sherstobitoff suggests it will take industry-wide collaboration to protect from the variety of ways American companies are being targeted. Experts agree that the way hackers breach an organization tends to be through spear phishing, which essentially a highly-customized and targeted phishing scam.
"Spear phishing is just the way to execute something," Sherstobitoff said. "It's common to all types of attacks." Once hackers access a system, they can either use what's called a waterhole attack, which compromises a website or installs malware, or access an organization's internal environment to extract data.
In the case of NBC.com, Sherstobitoff said the goal appeared to be to affect as many users as possible, which with the case of the New York Times, the objective was to obtain data.
The security breaches reported by Apple and Facebook in the past few weeks were associated with exploits of Java plug-in for browsers.
In January, the U.S. Department of Homeland Security advised people to disable Java software on their computers to avoid potential cyberattacks. Oracle released a patch for Java within days of the advisory, but experts warned that there is no full-proof way to protect against this type of attack because there is always going to be flaws in software.
"Basically the main difference in these strings of cyberattacks isn't the volume or frequency of the attacks but the fact that they're being publicly disclosed by the companies," Kurt Baumgartner, senior security researcher at Kaspersky Lab, told CBSNews.com via email.
And while high-profile companies are the intended target, individuals may find themselves caught up in the fray.
"In the case of Facebook and Apple, in addition to the high value systems the attackers were after, the attacks connecting these infected websites infected unintended individual consumer computers/workstations," Baumgartner wrote. Having access to individual accounts adds credibility to a spear phishing email by using personal data that may be obtained.
"The consumer is then used as a pawn since the spear phish is sent in their name, which increases the likelihood that the high-value target will open the email. The spear phish maintains malware inside it which enables the attackers to compromise the computer and gain access to the high-value target's computer and network. In other words, all of the folks visiting these sites may provide some unexpected value to the attackers," Baumgartner wrote.
There is no silver bullet for preventing cybrattacks, but Sherstobitoff says that people should look out for irregularities or suspicious behavior in their emails. Any email that you're not expecting or type of content you're not used to seeing should be considered suspicious.
"Don't open anything unless you're absolutely sure it's from the sender," Sherstobitoff said. "There are little things that give away that it's a fake."
© 2013 CBS Interactive Inc. All Rights Reserved.