Modernizing Authentication — What It Takes to Transform Secure Access
On March 6th, MediaBistro's Betsy Rothstein reported that NationalJournal.com was hacked on or around February 18, though the breach wasn't discovered until February 28.
According to a memo from Atlantic Media general counsel Bruce Gottlieb, approximately 40,000 people who used Internet Explorer to get to NationalJournal.com from a search engine (not directly) between Feburary 18 and March 1 may have been prompted to download malware while visiting the site.
In a later interview with MediaBistro, Gottlieb explained. "We hired an external IT security firm, and they believe that no evidence suggests that passwords or emails shared with National Journal were compromised. It’s what we are calling a front door attack, meaning the unauthorized individual did not enter through any back channels nor did they have access to our internal emails and network."
Then, on March 12, Invincea's Anup Ghosh reported that his company had found that malware was being served by NationalJournal.com earlier that day (h/t Softpedia). "A clever redirect has been added to the very top of the main index page that creates an iframe pointing to an exploit pack landing page ... The malware downloads both a variant of the ZeroAccess rootkit as well as a FakeAV," Ghosh wrote.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
Still, as Ghosh pointed out, NationalJournal.com is hardly the only popular Web site to suffer this type of attack -- other recent victims include Reporters Without Borders and the Council on Foreign Relations. "What this tells us (as if we didn’t already know) is that the bad guys are increasingly going to the watering hole to attack their targets," Ghosh wrote.