
System DZ Hack US

By ISBuzz Team | June 27, 2017 | Updated: July 4, 2024 | 5 Mins Read

It was reported this weekend that a group called ‘System DZ’ is responsible for hacking multiple US Government websites on Sunday. IT security experts commented below.

Lee Munson, Security Researcher at Comparitech.com:

“While there is no way for sure to know how Ohio government websites were hacked recently, the likelihood is that the attackers leveraged cross-site scripting or SQL injection (as done previously, here) to gain access to the back end.

Such an attack is not overly sophisticated and is easy to pull off against a website that lacks basic security controls, such as correct read/write permissions, latest patch installs, etc.

Once the attacker had access to the administration side of the website, they simply needed to swap the homepage out for the message they had created.

The group allegedly behind the attack – Team System DZ – appears to be a pro-ISIS group formed around November 2015. According to the group’s Facebook page, it has been responsible for several previous defacements of lesser government and educational websites since its inception.”

Andrew Clarke, EMEA Director at One Identity:

“The most recent attack from the group known as team System DZ struck Ohio in the United States over the weekend. This attack is called a website defacement where the home page of a website, in this case government websites, is replaced by propaganda in support of the group’s belief or intentions. In general, these attacks do not garner the type of media attention as phishing schemes or ransomware because the hard dollar cost is difficult to calculate; rather, the negative impact is measured in lack of trust or brand damage. Sometimes however, they can be a front for a follow-on and more severe attack.

We have seen groups such as Team System DZ being active over recent months, but according to web-site deface tracker site Zone H, just since Friday morning they have been responsible for over 200 website defacements. There is no pattern to this – the web-sites covering a range of areas including US government offices.

Often the websites have been developed with WordPress – where several recently exposed vulnerabilities have increased the opportunity for this type of defacement. The best approach is to lessen the opportunity for compromise. One of the first steps to secure WordPress is to change the default username and password for admin. It is easily guessed by a potential hacker so an alternative account name for admin will help.

These attacks are performed by storing a malicious file on the target server that gets executed at a specific time. Rectifying the situation is not difficult and is a multi-step process. First, the admin takes the server offline to ensure the negative message is not spread any further. Then, the admin must find the offending file(s). This is the tough step as it’s difficult to determine when the offending file was uploaded or by whom. There are several websites available to aid in this action. Next, a restore from a state prior to the offending file being uploaded is performed and “presto,” the website is restored. To be prepared for a potential defacement, organisations are encouraged to regularly back up their web-site, so if the rollback is required it can be done quickly and easily.

Since the most common way that hackers can access a WordPress account is through compromised or easily guessed passwords, a strong 12-character password should be selected. Passwords should then be managed effectively through a password management tool that causes a password to be reset frequently and provides a self-service capability to minimise administration tasks. This can be done through privileged account management solutions as well as multi-factor authentication. Going forward, the admin needs to make sure backups are performed regularly and that access to the server is hardened. In addition, ensuring the firewalls are configured to limit access is always a good idea.”

Itsik Mantin, Director of Security Research at Imperva:

“Website defacement attacks are probably the most common and easy-to-mount class of web attacks. The group Team System DZ that is claimed to be behind this attack has a history of defacement attacks for political purposes and, from previous analysis of incidents attributed to them, it seems that their way of work is mostly opportunistic, using basic hacking tools like brute force on admin passwords on a large number of sites of interest, and once finding sites that are unprotected, take over these sites and plant the group’s message in the site.

Without referring specifically to this incident, and regardless of the actual method that was used in this attack, the sad fact is that even today, after at least 20 years of research of web attacks and mitigations, and with numerous web attack protection solutions available in the market, still a significant portion of web applications are vulnerable to some of the oldest tricks in the web attack book, like password brute force.”

Chris Olson, CEO at The Media Trust:

“Website defacement is a typical tactic used by hacktivists seeking to have their voices heard. While the cause is still being investigated, it wouldn’t surprise me to discover that this defacement leveraged a phishing attack (via email or website third-party code) to obtain administrative privileges and access the web server. During the past 10 months, The Media Trust has detected a 35% increase in web-based phishing incidents. In these scenarios, employees visit reputable websites–news, travel, office supplies, weather, etc.–during the course of their day and are presented with a fake survey or sweepstakes requesting input of personal information. In other scenarios, bad actors exploit the digital advertising ecosystem to profile website visitors and inject malware only when certain conditions are met.”

Chris explains, “Traditional security defenses like blacklists, whitelists, generic threat intelligence, AVs, web filters and firewalls can’t keep up with the highly-dynamic digital environment. IT departments need an additional layer of protection that leverages real-time threat intelligence regarding active, rapidly-morphing threats propagating in the digital ecosystem. This web-based attack data exposes real malware events that can be proactively arrested before penetrating the enterprise network and endpoints.”

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
