In April, SEA managed to redirect users trying to access the RSA Conference website to a defacement page. The attack was carried out through Lucky Orange, a real-time Web analytics provider used by the RSA Conference website.
"If you're using 3rd party analytics or advertising networks, your website's security relies on the weakest of those since any of them is able to take over your website (and potentially steal your user's data or trick them into installing malware)," Jacobs said. "Websites like Reuters use more than 30 of these services and thus expose a considerable attack surface."
Sign up for CIO Asia eNewsletters.