SEA attack is no surprise


Ecommerce website losses estimated in the millions of dollars.

Boom! There it is. As expected, someone took advantage of the holiday season to make a statement, and hacking into media and corporate brand websites is one way to get the world’s attention.

Early yesterday morning at 6:38 a.m. EST, The Media Trust was the first security company to detect a pop-up screen stating the Syrian Electronic Army (SEA) had hacked a website, first in mobile and then online environments. The ongoing, 24/7 scanning of more than 25,000 websites through our Media Scanner services allowed us to quickly detect the hack and prepare our clients for battle.

Upon detection of this pop-up message, The Media Trust’s Malware Team immediately analyzed the code and determined it stemmed from a call made by Gigya, a customer management platform used by more than 700 leading brands. The Malware Team immediately contacted affected clients so they could quickly remove and then block the malicious file, thereby helping clients avoid the time-consuming hassle of tracking down the issue’s source.

This was an indirect attack, because it compromised the DNS server at gigya.com, which is hosted by GoDaddy. The SEA did not gain access to the Gigya servers; instead, it redirected Gigya’s Internet traffic to its own servers and then served a file called “socialize.js”, which displayed the SEA’s message.
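A redirect of this kind changes two things an outside scanner can observe: the addresses the script's host resolves to and the content of the script itself. The following is an added example, not The Media Trust's or Gigya's code, that checks one scan observation against a recorded baseline. The host name, address ranges and script bodies are constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed sample script bodies (not real vendor code).
GOOD_BODY = b"/* vendor widget build 1 */ initWidget();"
REDIRECTED_BODY = b"alert('constructed replacement body');"

# Baseline recorded while the third-party script was known-good (constructed values).
BASELINE = {
    "host": "cdn.vendor.example",
    "path": "/js/socialize.js",
    "networks": [ipaddress.ip_network("192.0.2.0/24")],
    "sha256": {hashlib.sha256(GOOD_BODY).hexdigest()},
}

def check_observation(baseline, resolved_ips, body):
    """Compare one scan (resolved addresses + fetched body) with the baseline."""
    findings = []
    nets = baseline["networks"]
    outside = [ip for ip in resolved_ips
               if not any(ipaddress.ip_address(ip) in net for net in nets)]
    if outside:
        findings.append(("dns-drift", outside))
    digest = hashlib.sha256(body).hexdigest()
    if digest not in baseline["sha256"]:
        findings.append(("content-drift", digest))
    return findings

def severity(findings):
    """Rank the findings; both signals together match a DNS-level redirect."""
    kinds = {kind for kind, _ in findings}
    if kinds == {"dns-drift", "content-drift"}:
        return "critical"  # new address and new content in the same scan
    if "content-drift" in kinds:
        return "high"      # vendor release or origin change: review the diff
    if "dns-drift" in kinds:
        return "medium"    # possibly a hosting change: confirm with the vendor
    return "ok"

if __name__ == "__main__":
    scans = [(["192.0.2.10"], GOOD_BODY), (["203.0.113.7"], REDIRECTED_BODY)]
    for ips, body in scans:
        result = check_observation(BASELINE, ips, body)
        print(ips, severity(result), [kind for kind, _ in result])
```

In a real scanner the addresses would come from resolver lookups made from several vantage points and the body from an HTTP fetch of the script on each scan.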

As with its past attacks, the SEA targeted media outlets and focused exclusively on websites; the attack was not related to any ad content. The SEA attack did not distribute malware and was designed as an effective publicity stunt. Yet, what’s to stop them from doing something worse the next time? And, let’s be honest, even without the presence of malware, a message on an ecommerce site stating that it has been hacked, even for a few hours, results in lost transactions – those few hours translate into millions of dollars of unrecoverable revenue.

The lesson learned is that brand and corporate websites are just as vulnerable to attack as ad content. As The Media Trust cautioned in last week’s blog post, the holiday season is when the online ecosystem experiences a surge in attacks, and no business or organization is immune.

The best defense is to be on constant alert, a security posture that is difficult for most to assume. That’s why many firms leave it up to the experts to continually scan their online and mobile ecosystem. Keep in mind that The Media Trust’s Media Scanner detected this attack before Gigya did. Do you want to know about your website being compromised so you can take action before the world knows? Think about it.