Establishing Digital Trust: Don't Sacrifice Security for Convenience
Forbes recently acknowledged that its website was hacked in late November 2014, likely by Chinese hackers, who modified a key file on November 28, 2014.
The hackers adjusted the Flash widget that greets Forbes.com site visitors to redirect those visitors to a compromised website serving malware.
"Malware that sought to acquire basic systems information from victims' machines could then potentially have been downloaded on targets' systems," Forbes stated. Anyone using browsers other than Internet Explorer, and running any Windows OS above XP, was likely unaffected by the malware.
When the modified file was discovered on December 1, 2014, the file was reverted and Forbes initiated an investigation. "The investigation has found no indication of additional or ongoing compromise nor any evidence of data exfiltration," a Forbes spokesperson said. "No party has publicly claimed responsibility for this incident."
It's not clear at this point how the hackers gained access.
According to iSIGHT Partners, the hackers are believed to be a Chinese group called the Codoso Team or the Sunshop Group. The malware included resources written in simplified Chinese, and was similar to variants of Derusbi, malware used by Chinese hackers.
The Codoso Team, according to iSIGHT, has been implicated in several attacks since 2010 targeting multiple industries, including defense, finance, energy, government, political dissidents, and global think tanks.
"Although the Forbes.com website is one of the most heavily trafficked in the world, we believe the campaign to be highly targeted in nature," iSIGHT stated. "We do not believe this to be an operation intent on infecting millions of victims but cannot state with certainty true numbers."
Trey Ford, global security strategist at Rapid7, told eSecurity Planet by email that attacks like these can be highly effective in targeting specific companies or groups. "Forbes will have a higher concentration of executive readers, which is a different target population than a more classic 'wide net' strategy of, say, targeting a website like Facebook," he said.