A recent four-month cyber attack against a major newspaper highlights the importance of investigating and mitigating cyber attacks to prevent future damage.
The New York Times was recently the victim of an attack launched by Chinese hackers that allowed the attackers to access the newspaper’s computers and email accounts for four months.
While it’s unclear exactly what happened, computer forensics firm Mandiant says it’s likely the hackers used phishing attacks to get users to click on malicious links or download attached malware.
The attack started while journalists were working on a story about the multibillion-dollar fortune accumulated by relatives of China’s Prime Minister Wen Jiabao, the paper reported.
After initially trying to block future access from the attackers, whose behavior mirrored previous attacks believed to be associated with the Chinese government, the newspaper called in Mandiant when it continued seeing evidence of attacks. Apparently, the hackers stole the log-in information of all employees from the network’s domain controller.
The company eventually ended the attacks by replacing 53 computers that had been compromised (though some IT security experts point out that may have been an overreaction), as well as changing the usernames and passwords for all employees.
Investigate thoroughly after cyber attacks
The lesson for IT: After a cyber attack is discovered, it’s important to launch a thorough investigation into what happened and how, and what potential backdoors may still be open. In targeted attacks such as the one launched against the New York Times, sophisticated hackers try to make sure they’ll be able to keep coming back for more sensitive data.
And it isn’t just well-known newspapers and other prominent enterprises that are being hit by targeted attacks. Small businesses are increasingly being targeted by hackers — in 2012, 36% of all targeted attacks were launched against organizations with fewer than 350 employees, according to IT security firm Symantec.