Network Penetration Testing

Second Microsoft hack by Syrian Electronic Army

Second Microsoft hack by Syrian Electronic Army: The hacker group reportedly took over the @MSFTnews and @XboxSupport Twitter accounts, as well as the firm’s TechNet blog over the weekend.

The group subsequently retweeted an update from the @Official_SEA16 account, which accused Microsoft of monitoring users’ account and selling this data on to American intelligence agencies and various governments, while another tweet simply said that the “Syrian Electronic Army was here”.

Fortunately, Microsoft was able to quickly wrestle back access to its Twitter account shortly afterwards and also shut down the TechNet blog “for maintenance”.

This attack isn’t the first time Microsoft has been compromised on social media accounts, as the Syrian Electronic Army was able to gain access to Microsoft’s Skype social media accounts just ten days ago.

The group has also successfully hacked Anonymous, Al-Jazeera, the BBC, the Daily Telegraph, the Financial Times, the Guardian, the Human Rights Watch and the National Public Radio, all while using “fairly rudimentary phishing techniques” according to independent cyber security expert Graham Cluley.

“There’s no sign of the Syrian Electronic Army slowing down in its campaign of phishing attacks, designed to embarrass organisations and media outlets,” he blogged.

“Educate your staff about phishing attacks, and consider implementing two-factor authentication to better control access to your social media accounts.”

Reacting to the news, Kenneth Geers, senior global threat analyst at FireEye, told SCMagazineUK.com that this is the latest sign that spear-phishing attacks can be difficult to defend against.

“Most attacks like this can incorporate some element of spear-phishing, either against the target company or a vulnerable third party,” said Geers. “Defending against such attacks is maddening, because for defenders, there is too much ground to cover. They are forced to defend an entire corporate infrastructure, while attackers simply have to find one open door or window to crawl through.”