Incident Of The Week: Media Site Targeted In DDoS Attack, Method On The Rise



Dan Gunderman
02/09/2018

[This article was updated Feb. 9]

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outward as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a suspected distributed denial of service (DDoS) attack that struck a leading press release wire, along with a recent surge in DDoS attacks.

Business Wire, which pushes corporate press releases for leading companies, indicated on Tuesday that it has been dealing with a cyber-attack aimed at disabling the site, according to Reuters.

Business Wire is owned by high-profile business magnate Warren Buffett and his company, Berkshire Hathaway, Inc. The company said the DDoS offensive was a “directed and persistent” attempt that had been ongoing since Jan. 31.

The company has also made it clear that no customer information was compromised in the attack.

Neil Hershberg, senior vice president at Business Wire, said, “Our website slowed down. At no point were clients unable to get our releases to us. Our distribution network was totally unaffected by this attack.”

In similar attacks, when hackers zero in on a specific network, their aim is to halt its functions. They do so by overwhelming systems with a flood of messages or data. As a result, customers may be unable to conduct business because pages load sluggishly or not at all.

In a statement provided to the Cyber Security Hub on Feb. 9, Hershberg said, "Today we are able to share that our system is stable and we have successfully mitigated the malicious attempts to render our website unavailable. Additionally, by working closely with industry-leading security partners, Business Wire has implemented enhancements to our Web Application Firewall that will assist in better identifying and blocking attacks of this nature."

He indicated that the cyber security specialists will assist with the continuing investigation.

Furthermore, the statement repeated that there is "no evidence that any systems or client information have been compromised..." The company said that the DDoS threat did not have any impact on its investorHQ- and NewsHQ-hosted solutions.

In its end-of-week statement, the company added: "Business Wire accepts and recognizes that our website's responsiveness may have inconvenienced you and for that we sincerely apologize. We are committed to ensuring you can depend on Business Wire at your most critical moments."

Berkshire Hathaway purchased Business Wire, headquartered in San Francisco and New York, in 2006.

In his previous statement, Hershberg touted the company’s standing as the go-to destination for Fortune 500 companies. This raises a potential security concern for CISOs of the large enterprise.

A third party (here, the wire) that hosts data belonging to these deep-seated companies is not an unusual channel for black hats to tap into, with hopes of lifting sensitive customer information.

In fact, in 2015, more than 40 individuals had charges leveled against them by U.S. authorities for the theft of 150,000 news releases from Business Wire, Marketwire and PR Newswire. The heist took place over the course of 5-1/2 years.

According to the recent report, in the earlier incident, traders gave hackers “shopping lists” of releases and in return turned more than $100 million in illegal profit by way of insider trading on the information contained within the releases. Five defendants have pleaded guilty in the case.

Elsewhere, DDoS threats have been keeping security teams on their toes. As reported last week by the Cyber Security Hub, a string of Dutch banks recently became the target of DDoS attacks. The institutions, along with the nation’s tax office, suffered slowed or halted service. The events began the weekend of Jan. 27-28.

ABN AMRO, ING and Rabobank all fell victim to the DDoS outbreak. The resulting effects included websites timing out and slow speeds. The tax office, specifically, is believed to have gone dark for about five to 10 minutes.

While nation-state actors were feared to have been wreaking havoc on Dutch financial systems, police in turn arrested an 18-year-old known as “Jelle S,” in Oosterhout, a city in the southern Netherlands.

What's more, according to new data from Kaspersky Lab, DDoS attacks in the last quarter of 2017 were “livelier” than in the previous one.

Stay tuned for more information and insight on ongoing DDoS threats in the enterprise.