Last week’s attack on the Virgin Radio Dubai website could have provided cyber-criminals with a springboard from which to launch targeted attacks, according to a researcher from Kaspersky Lab.
The popular music station’s website was taken offline last week by an attacker known only by his Twitter handle, @OxAlien. Having defaced the site, the hacker went on to tweet details about selling the website’s database to interested parties.
The interested parties should cause the most concern, according to David Emm, Senior Regional Researcher, Global Research and Analysis Team, Kaspersky.
“Think what could possibly be of interest,” he told CNME.
“Working on the basis that a lot of people use the same password and email addresses, having a database like this, they could access other accounts like Facebook and Twitter, and spread malware that way.”
The people who were allegedly interested in buying the Virgin Radio Dubai database are likely cyber-criminals themselves, Emm said. And if they gleaned any personal information from it, they could use what they know to set up targeted attacks or spear-phishing campaigns.
“For example, they could create an email that would appear to come from somebody you trust – in this instance, Virgin Radio,” Emm explained.
In terms of how the attacker took down the Virgin Radio website, Emm said that there wasn’t any concrete information at the time to go on: “It can simply be that somebody didn’t change the default password on the server, or somebody didn’t lock down the database they’re using – there’s various ways in.”
When asked about the person using the @OxAlien Twitter handle, Emm said that he hasn’t come across this particular attacker before, and that it was often difficult to attribute attacks to people. He added that the motive behind the attack wasn’t clear, either.
“On the one hand, he’s suggesting that it’s done for money, but on the other hand, he’s made statements that would suggest it’s a social protest. Maybe it was done as a protest and he saw an opportunity to sell it.”