Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Chinese Attackers Hacked Forbes Website in Watering Hole Attack: Security Firms

A Chinese attack group infected Forbes.com back in November in a watering hole attack targeting visitors working in the financial services and defense industries, according to two security companies.

A Chinese attack group infected Forbes.com back in November in a watering hole attack targeting visitors working in the financial services and defense industries, according to two security companies.

“A Chinese advanced persistent threat compromised Forbes.com to set up a watering hole style web-based drive-by attack against US defense and financial services firms in late November 2014,” Invincea said in a report posted on its site.

The attack exploited two zero-day vulnerabilities, one in Microsoft’s Internet Explorer and the other in Adobe’s Flash Player, Invincea and iSight Partners said in their joint report released Tuesday. Adobe fixed the flaw back in December and Microsoft updated Internet Explorer as part of its Patch Tuesday release.

The cyber-espionage campaign appeared to last only a few days, but iSight and Invincea did not rule out the possibility of the campaign lasting a longer period of time.

The malware infection was inside the “Thought of the Day” Flash widget which appears whenever users try to access a Forbes.com page. Visitors didn’t need to do anything other than to try to load Forbes.com in their browser to get infected. The demographics of the typical visitor to Forbes.com—senior executives, managers, and other professionals working for major corporations—indicate this campaign focused on cyber-espionage, not cybercrime, said Stephen Ward, an analyst with iSight Partners. Watering hole attacks are insidious because it wouldn’t occur to anyone that these sites could be infected.

Even though Forbes.com is a highly-traffic site with millions of visitors, iSight and Invincea said this wasn’t a widespread malware attack out to compromise as many victims as possible, but rather a very targeted one. Invincea noticed some of its customers in the defense industrial base were targeted by malware when loading Forbes.com, said Norm Laudermilch, COO of Invincea.

While Invincea did not see customers in other industry sectors affected by this attack, iSight researchers observed the same infection targeting visitors from financial services organizations and a handful of other sectors. Both companies declined to identify the companies which had been targeted.

While the infection attempts failed against Invincea customers, it’s likely other visitors to Forbes.com in the targeted sectors were infected. “This was clearly a targeted attack against a specific group of organizations,” Laudermilch said. It wasn’t against specific individuals, because the group would have likely used spear phishing, instead.

Advertisement. Scroll to continue reading.

Neither iSight or Invincea had the visibility in the attack to be able to tell whether the attack group had achieved its objective against its victims, or even what the exact objective was, Laudermilch said.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...