Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Following New York Times Breach, Wall Street Journal Says China Hacked It, Too

FBI says it has been investigating cyberattacks on U.S.-based media outlets for a year

The sophisticated cyberattack launched on The New York Times revealed earlier this week was not the first attack on U.S. media by Chinese entities, officials say.

The New York Times reported an attack targeted at two of its China-based journalists late Wednesday night. According to news reports on the Times attack, entities from China used a combination of spear-phishing and 45 pieces of custom malware to try to obtain the sources of reporters who wrote about the family of Chinese prime minister Wen Jiabao.

The attack, and its subsequent analysis by security firm Mandiant, drew attention from security analysts for its unique level of sophistication. But yesterday officials at The Wall Street Journal said their news bureau in China has also come under fire.

In an article posted Thursday, The Wall Street Journal stated that its system had been "infiltrated by Chinese hackers, apparently to spy on reporters covering Chinea and other issues." Sources at Dow Jones & Co. said the news organization has also been the target of attacks from China.

The U.S. Federal Bureau of Investigation has been probing media-hacking incidents for more than a year and considers the hacking a national-security matter, officials said.

The sophisticated attack on the Times has been cited by some security experts as an indictment of antivirus technology. According to the Mandiant study, the Symantec AV technology used by the Times blocked only one of the 45 pieces of malware used in the exploit.

"Signature-based technologies, such as AV and IPS -- still the cornerstones of many enterprise security strategies -- are actually getting worse at preventing malware infections," says John Prisco, CEO of anti-malware service provider Triumfant.

But Prisco and others note that the shortcomings of AV technology have been known for years. Symantec, itself, issued a statement that indicates that turning on an AV product, by itself, will not completely prevent malware infection.

"Advanced attacks like the ones the New York Times described ... underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions," Symantec said in a public statement. "The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks.

"Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats," the statement says. "We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough."

But Rohyt Belani, CEO of security service provider PhishMe and a former Mandiant employee, says all of the attention given to the Times' antivirus solution belies the more serious problem of how to prevent targeted attacks.

Large enterprises like the Times usually have an array of security tools, including email filtering, intrusion prevention, data leak prevention, and more, Belani notes, yet the Chinese attacks circumvented all of them -- as well as the AV applications -- and continued for a period of four months.

"A determined attacker, in a sophisticated attack like this, is going to get through," Belani says. "Companies need to understand that they not only need to develop good technical defenses, but they need to educate their people. If one employee had spotted something out of the ordinary and reported it, this attack might have been stopped a lot sooner."

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kjhiggins
50%
50%
kjhiggins,
User Rank: Strategist
2/1/2013 | 9:57:11 PM
re: Following New York Times Breach, Wall Street Journal Says China Hacked It, Too
Hopefully, all of the affected the news organizations are sharing their attack intelligence, etc.

Kelly Jackson Higgins, Senior Editor
Dark Reading
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Deliver a Deadly Counterpunch to Ransomware Attacks: 4 Steps
Mathew Newfield, Chief Information Security Officer at Unisys,  12/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19604
PUBLISHED: 2019-12-11
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
CVE-2019-14861
PUBLISHED: 2019-12-10
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permiss...
CVE-2019-14870
PUBLISHED: 2019-12-10
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authent...
CVE-2019-14889
PUBLISHED: 2019-12-10
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...
CVE-2019-1484
PUBLISHED: 2019-12-10
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.