The Syrian Electronic Army appears to be using third-party web properties and domains to attack media organizations, based on new analysis from Cisco.
Furthermore, the networking giant warned that media sites depending on third-parties for content may be increasing the chances of their users being compromised by attackers.
The Syrian Electronic Army has a history of targeting news companies, among other prominent global organizations.
Earlier this year, the cyber-crime group launched and The Guardian, ., Thomson Reuters, The Associated Press,
, The Washington Post admitted that it was the victim of a cyber-attack incurred by the hackers supporting the regime of current Syrian president Bashar al-Assad.
The Atlantic also reported last week that the online channels for CNN and Time were also attacked by the same organization.
Jaeson Schultz, a threat research engineer for Cisco's Threat Research and Communications (TRAC) team, explained in a blog post on Friday that attacks on online sharing tools on Outbrain and ShareThis reveal a detrimental pattern:
A whois lookup informs us that the “sharethis.com” domain name is registered at GoDaddy, and typically it has its nameservers pointed to Akamai. However starting on the 21st of August, the nameservers for “sharethis.com” were pointed to nameservers used by the Syrian Electronic Army. The following data was found in passive DNS. (Please note that domaincontrol.com belongs to GoDaddy.)
Schultz hinted that it is up to Internet users to protect themselves, pointing toward usage of Web browser tools such as RequestPolicy, which restricts a browser to only load content from the domain located in the address bar.
Image via the Cisco Security blog