NBC’s website is just one example of the thousands of websites that get hacked every day, and these hacks are often achieved through simple code insertions made possible by commonly known but unpatched vulnerabilities. In this case, the site was loading malicious iframes that contained an exploit kit called Redkit, which checks whether a visitor is running unpatched Oracle Java or Adobe software. This seems to be part of the long-running hacking campaign allegedly based in Shanghai that targeted U.S. corporations. http://alrt.co/XAYH71
Takeaway: It takes a combination of technologies to keep a continuous lookout for such incidents and exploits, especially for popular websites that can act as springboards to launch attacks and infect millions of visitors. When secure coding is combined with web application firewalls with continuous monitoring, suspicious events get caught much faster, with minimal to no damage.
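
One way to monitor your own pages for the kind of injected iframe described above, as an added example that is not part of the original post: a Python check that parses a page snapshot and flags iframes whose host is not on an allowlist or that are hidden from view. The allowlist, hostnames and sample HTML are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts this site legitimately frames (assumption; constructed values).
ALLOWED_FRAME_HOSTS = {"www.example.com", "player.example-cdn.com"}
# Inline styles commonly used to keep a frame out of the visitor's view.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}", re.I)
def is_tiny(value):  # width/height of 0 or 1, e.g. "0", "1", "1px"
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1

class IframeAuditor(HTMLParser):
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url, self.allowed, self.findings = page_url, allowed_hosts, []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))  # resolve relative URLs
        reasons = []
        if (urlparse(src).hostname or "") not in self.allowed:
            reasons.append("host not in allowlist")
        if is_tiny(a.get("width")) or is_tiny(a.get("height")):
            reasons.append("zero or 1px dimensions")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden via inline style")
        if reasons:
            self.findings.append((src, reasons))

def audit_page(page_url, html, allowed_hosts=ALLOWED_FRAME_HOSTS):
    """Return [(frame_url, [reasons])] for every suspicious iframe in html."""
    auditor = IframeAuditor(page_url, allowed_hosts)
    auditor.feed(html)
    return auditor.findings

# Constructed sample snapshot: one expected frame, two that should be flagged.
SAMPLE_HTML = """<html><body>
<iframe src="https://player.example-cdn.com/v/123" width="640" height="360"></iframe>
<iframe src="http://injected.invalid/x.html" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="/promo.html" style="position:absolute; left:-9999px"></iframe>
</body></html>"""
if __name__ == "__main__":
    for url, reasons in audit_page("https://www.example.com/", SAMPLE_HTML):
        print(f"SUSPICIOUS {url}: {', '.join(reasons)}")
```

Run on a schedule against rendered snapshots of key pages, a non-empty result is a signal to compare the page against its last known-good version.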