It makes lots of sense for a Hacktivist group that wishes to display their message and show that they exist – to go after high end media. They have been actively hacking Twitter accounts of news sites and have recently escalated to hacking into the websites themselves to create awareness.
This is in an essence, what Hacktivism is. There is no profit involved however making all of us aware of the Syrian rebellion is their goal. The Syrian Electronic Army Is very successful in creating the awareness that they are after.
What Is interesting in this trend of Hacktivists going for the same group of targets, is that there are most likely similarities in attack patterns and techniques and even attack sources. There is also a great chance that some of the targets use the same kind of platforms to present their website, so the target becomes similar as well. The reason it is so interesting, is because there is a crowd sourced approach to solve this problem.. sharing attack data between companies.
As of the time of writing this, the Syrian Electronic Army have stated that all recently breached media sites (NYTimes, CNN, and the Washington Post) were an act of their hands. What we can learn from it, is that if one of those companies shared their threat intelligence on the attack and its characteristics in advance, the others could have been prepared in advance.
Media websites should see themselves as any other website that is trying to keep their website secured, but implementing web protections such as a web application firewall To defend the web applications themselves, alongside DDoS protection to defend against a potential (and likely) flood. It is also important to share attack information between companies in order to enable early alert and mitigation of such threats.
Barry Shteiman, Senior Security Strategist at Imperva
