How the Newswire Hack Could Have Been Avoided
Tuesday’s indictment of nine people for hacking and insider trading shows once again the power of targeted attacks, the vulnerability of browsers, and the fact that everyone is a potential target.
The criminals hacked their way into three newswire services: PR Newswire, Marketwired, and Business Wire. They grabbed press releases during the interval between upload and publication, an interval that sometimes lasted days, and traded on the not-yet-public information. Using this technique, they generated over $100 million in illegal gains.
It appears that the attackers used simple phishing emails with links to malware-loaded websites to compromise the newswire companies.
These were not general attacks. These companies, and specific email addresses within them, were deliberately targeted for this scam. The use of phishing links rather than attached files is consistent with the trend towards web-delivered malware as the most effective path for compromising endpoints.
That the attackers were able to continue their activities for five years shows the power of narrow and targeted attacks to avoid detection over long periods.
I believe that, had they been using a browser isolation and identity shielding solution like Passages, they might well have avoided most or all of these attacks.