In a prime example of social engineering, hackers targeted the websites of Dolphin Stadium and the Miami Dolphins, host to last Sunday’s Super Bowl American football game, to post malicious code attempting to infect users’ PCs.
The breach on the stadium’s website was discovered by Websense automated tools on 26 January, but engineers at the company were not alerted to the problem until Websense customers complained that they were unable to visit the site.
According to Websense, users who visited the Miami Dolphins' Super Bowl website with a web browser lacking the most recent patches from Microsoft could be exploited.
The websites from which the malicious software was downloaded were said to be based in China, and the attack exploited Microsoft flaws that were supposed to have been patched by October.
The attack raised fears that the heightened interest in American football in the run-up to the Super Bowl, plus some users’ still-unpatched systems, could mean a rash of Trojans being downloaded to corporate networks.
They should have seen this coming, I suppose, but the ingenuity of the ne’er-do-wells is almost admirable. Target the interest in the Super Bowl, hack the website, assume some corporate systems will be unpatched, and then watch those Trojans go to work. Brilliant!
What we need, in American football parlance, is some equally strategic thinking to counter these offensive attacks with high-pressure defence.