BreachExchange mailing list archives

Impact of EA Games hack on Apple shows ripple effect of attacks


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 21 Mar 2014 13:16:21 -0600

http://www.csoonline.com/article/750088/impact-of-ea-games-hack-on-apple-shows-ripple-effect-of-attacks

The recent hacking of an EA Games server demonstrates how the compromised
system of one company can be used to bypass the strong security of another,
in this case Apple.

The attackers who compromised the EA server set up a phishing site that
targeted Apple accountholders. PCs calling the servers were redirected to a
sign-in page that tried to trick the computers' users into providing their
Apple ID and password.

If the credentials were given, the victims were shown a second form asking
for their full name, credit card number, expiration date, verification code,
date of birth, phone number and mother's maiden name, all useful information
for fraudsters.
After submitting the details, victims were redirected to the legitimate
Apple sign-in page.

The phishing site, reported Wednesday by Netcraft, was taken down the same
day by EA.

"We have found it, we have isolated it, and we are making sure such
attempts are no longer possible," the company said in a statement emailed
to the media. "Privacy and security are of the utmost importance to us."

Such site compromises are not unusual, but what was interesting about this
attack was how the hackers used EA to try to steal credit card information
and personal data from Apple customers.

"It is an interesting systemic risk challenge as organizations that may
have weaknesses that are exploited in their systems can have downstream
impact on other organizations that may have strong security," Stephen
Boyer, co-founder and chief technology officer for BitSight Technologies,
said. "That's one of the big takeaways from this incident."

The compromised server was used by two websites in the EA.com domain,
Netcraft reported. The server is used to host a calendar based on
WebCalendar 1.2.0.

Released in September 2008, that particular WebCalendar version has several
security vulnerabilities, which had been addressed in subsequent releases,
Netcraft said.

"It is likely that one of these vulnerabilities was used to compromise the
server, as the phishing content is located in the same directory as the
WebCalendar application," the company said.

Companies that run old versions of Web-facing software greatly increase the
chances of a security breach, experts say. Hackers actively look for old
software as a possible entry point into a corporate network.

EA Games has also been the target of phishing attacks. Netcraft reported
finding a site set up to look like it was from EA's Origin game site. The
bogus site, which had been online more than a week, tried to steal email
addresses, passwords and security questions from EA customers.

Earlier this year, an apparent denial of service attack against EA's Origin
servers caused connectivity and login problems, according to Netcraft.

In 2013, BitSight found multiple incidents in which EA servers hosting the
company's websites had been compromised and were being used to download
malware and participate in denial of service attacks, according to Boyer.
He declined to say how many times EA servers were compromised throughout
the year, but said the systems were eventually cleaned.

EA was not alone in battling attacks last year. A BitSight study released
in February found that between 68 percent and 82 percent of Standard &
Poor's 500 companies had an "externally observable security event" at any
given time in the year.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 