The New York Times website was disrupted for several hours on Tuesday after an online attack on the company’s domain name registrar. Twitter was also targeted in the attack. A hacktivist group targeted the newspaper's domain name system provider, MelbourneIT. But the problem stemmed from a security lapse at a domain reseller.
The attackers used phishing, social engineering and stolen account credentials. They likely searched though contacts, connections, vendors and clients for the weakest link in order to gain entry, said Ben April, a senior threat researcher at Trend Micro. Meanwhile, Kevin Houle, director of threat intelligence at Dell SecureWorks' Counter Threat Unit, pointed out that usernames and passwords are still weak links in the security stack. The security experts said some of the following measures could have avoided the attack.