Dark Web Marketplace Offering Major Ad Platform Login

"They could hijack referral commissions destined for others"

By CBR Staff Writer

UPDATED 15.20GMT March 14, 2019 with corrections, comment from Sizmek. 

Hackers have been caught selling access to a user account of Sizmek, an American online advertising platform that works with Gannett and Fox Broadcasting.

Security researcher Brian Krebs discovered the account for sale on a Russian-language cybercrime forum. The bidding starts at $800 for an account the hackers say allows you to: “Add new users to the ad system, edit existing ones and ad offers.”

If a threat actor buys access to this type of account they could use it as a platform to infect existing ad campaigns “by inserting malicious scripts into the HTML code of ads that run on popular sites. Or they could hijack referral commissions destined for others and otherwise siphon ad profits from the system,” Krebs notes in his security blog.

Austin-based Sizmek runs its advertising platform across 70 countries where it connects to over 20,000 advertisers and 3,600 agencies. A hacker with access to this ecosystem could conduct a series of malware campaigns targeting unsuspecting shoppers.

Sizmek told Computer Business Review in an emailed statement: “Recently, a report surfaced on a cybersecurity blog site claiming Sizmek’s ad serving platform (Sizmek Ad Suite or SAS) had been compromised, suggesting that nefarious or unscrupulous behaviors occurred within our platform causing a breach.”

“We can confirm that no instance of account anomalies or code discrepancies from outside influences have been detected in our system.”

“Security is a priority for Sizmek and we are committed to protecting our platform with the utmost vigilance. In this situation, we were alerted about a possible internal login being exposed. Following the resolution of the incident, we undertook a comprehensive review to confirm that no unauthorized logins or accounts appeared in our system and remove any user lists that were not absolutely validated.”

The company added: “Our team is constantly monitoring for signals of irregular or unusual activities in our platforms and we take strong protective measures to ward off unscrupulous behaviors. In any case, we go to extraordinary lengths to immediately address and further buttress our systems against possible harms.”

Sizmek General Counsel George Pappachen informed Krebs that they believe the account identified for sale online was a regular user account and did not have high-level administration access as the hacker had claimed.

He said: “It seemed like [the screenshots were accounts from] past employees. I think there were even a couple of vendors that had access to the system previously.”

It is still unclear what attack vector allowed the seller to gain access to the account. One theory is that a simple password spraying attack got a hit.

Password spraying is the term for an attack on an account login page that pairs account user names with commonly used passwords such as qwerty12345, month/year combos or the organisation's name and a number.

The FBI believe that the recent breach of American software giant Citrix was caused by a hacker utilising a password spraying attack.
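
Password spraying of the kind described above leaves a recognisable trace in authentication logs: one source failing against many user names with only a try or two per account. The Python below is an added example for defenders, not code from the article or from Sizmek; the log format, thresholds, addresses and user names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: timestamp, source IP, user name, outcome.
SAMPLE_LOG = """\
2019-03-14T09:00:01 203.0.113.7 alice FAIL
2019-03-14T09:00:05 203.0.113.7 bob FAIL
2019-03-14T09:00:09 203.0.113.7 carol FAIL
2019-03-14T09:00:14 203.0.113.7 dave FAIL
2019-03-14T09:00:20 203.0.113.7 erin OK
2019-03-14T09:01:00 198.51.100.4 alice FAIL
2019-03-14T09:01:03 198.51.100.4 alice FAIL
2019-03-14T09:01:07 198.51.100.4 alice FAIL
2019-03-14T09:01:11 198.51.100.4 alice FAIL
2019-03-14T09:02:00 192.0.2.10 frank FAIL
2019-03-14T09:02:30 192.0.2.10 frank OK
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome

def detect_spray(log, window=timedelta(minutes=10), min_users=4, max_per_user=2):
    """Flag source IPs that fail logins for many distinct users, few tries each."""
    events = defaultdict(list)  # ip -> [(timestamp, user, outcome)]
    for ts, ip, user, outcome in parse(log):
        events[ip].append((ts, user, outcome))
    findings = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            fails = defaultdict(int)
            for _, user, outcome in evs[start:end + 1]:
                if outcome == "FAIL":
                    fails[user] += 1
            # Many users, few attempts each: spraying. One user hammered
            # repeatedly is brute force and is left to a different rule.
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                t0 = evs[start][0]
                # A success from the same source is the "hit" to triage first.
                hits = sorted({u for t, u, o in evs
                               if o == "OK" and timedelta(0) <= t - t0 <= window})
                findings[ip] = {"targeted": sorted(fails), "compromised": hits}
                break
    return findings
```

On the constructed log only 203.0.113.7 is flagged; the repeated failures against a single account from 198.51.100.4 and the ordinary mistyped password from 192.0.2.10 are not.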
