A cyber-attack targeting TV channel MSNBC highlights cybercriminals’ abuse of the public’s trust in news outlets and websites, according to Websense Security Labs.
The labs team at Websense, the global leader in in protecting organisations from advanced cyber-attacks and data theft, has observed a first of its kind spam/fraud campaign that redirected users from cable and satellite channel MSNBC to a fake news site. The attack gained access to and abused the company’s publicly available Bitly API key to create custom URL shorteners.
The various methods used by the group include:
– Use of publicly available Bitly API key for redirection.
– Use of a famous news site to redirect to a fake news site.
– Four redirection steps from real news site to fake news site.
– Spreading the link through Google and Yahoo groups and spam mail.
Carl Leonard, senior manager, security research, Websense, said:
“This incident shows how formidable cybercriminals are in abusing the trust that users have in news outlets and websites. Most users would never suspect that a URL shortener of a household brand, such as MSNBC, would be abused by cybercriminals. A simple change in tactics and the criminals could infect users with powerful malware with impunity, based on the trust generated by MSNBC amongst their readers.”
For more information and the full story on the MSNBC hack, please visit the Websense Labs blog at:
About Websense