The latest media outlet targeted by the Syrian Electronic Army (SEA) is Forbes.com. The hacktivist group was able to breach a database containing email address and password combinations for over a million users’ accounts, including Forbes contributors. Although the passwords were one-way encrypted, the media outlet recommended users change their passwords. To prove that it carried out the attack and breached the database, the SEA defaced three online articles.

Syrian Electronic Army Attacks

It seems that cyber criminals are increasingly targeting users’ login credentials, which provide them access to various systems. Only two weeks ago, IBM learned that Yahoo’s email system was breached using credentials stolen from a third party. In a recent blog, the company explained how third-party database breaches can lead hackers to a user’s data.

With login credentials for a user’s account, it is possible to access information stored within the account. It is not known what type of information Forbes.com stored about its users, though concerns presumably relate to the exposure of personal and financial data. Credentials to contributors’ accounts may actually provide access to systems used by the media outlet to publish news, effectively allowing attackers to post fake news alerts. Last year, the Syrian Electronic Army took credit for hacking the Twitter account of the Associated Press (AP) and posting a fake news alert about a targeted attack on the White House and President Obama. The news alert was quickly denied, but not before the Dow Jones stock exchange fell by 1 percent and wiped $200 billion dollars from the entire market (stocks bounced back later in the day).

An additional concern is that many users tend to reuse passwords across multiple systems. After all, it’s hard to remember so many passwords. If they are extracted from the Forbes.com database, which enables access to the email accounts they are paired with, attackers can access these users’ email accounts. Searching through emails in any one account can expose a wealth of personal data. A breached user account can be used for developing spear-phishing messages and drive-by download attacks. The fact that the email comes from a trusted source — someone the user regularly exchanges emails with — increases the chances that recipients of a phishing email will fall for the scam. Forbes specifically warns users to look out for phishing attacks seemingly coming from Forbes.com.

If individuals are reusing their credentials or maintaining the same password, the exposed information may also provide access to other websites and Web services, including corporate systems. Although access to online consumer applications and services facilitates fraudulent activities, access to corporate systems can enable a full enterprise breach. There is no doubt that users who used their Forbes.com email address and password combination to log in to various other websites are at risk.

More from Fraud Protection

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today