Digital news engagement is outpacing traditional print media, and this transformation is opening more doors for cyber attackers to deliver disinformation, steal subscriber data, and disrupt operations.
Despite these technological advances, cyber threat actors still rely on unsophisticated tactics to gain access to sensitive information that is held by journalists and the media industry. Take the recent Entertainment Software Association E3 Expo’s leak. Personal information of 2,000 journalists and other content creators was accidentally published on the video game trade show’s website—and available for misuse by bad actors looking to harass journalists, or even gain access to their email accounts. It’s one example of how accessible the media industry is for cyber threat actors.
Our intel analysts recently identified three notable cyber threats that media companies and individual journalists face:
No. 1: Selling compromised media websites on the criminal underground
Our analysts recently identified several compromised media websites offered for sale on underground hacker forums, often as an active web shell on the website’s server. Quite common across all sectors, this tactic highlights the ease that potentially sensitive media industry resources can be obtained on underground criminal marketplaces. Once sold, website access can be put to a variety of malicious uses, including malware delivery (e.g., exploit kits), data theft (e.g., database access), and disruption of a website’s availability.
To ensure your websites and other internet-facing resources are not susceptible to exploitation, deploy security updates as quickly as possible, harden servers by removing unnecessary services, and implement robust access controls and regular auditing of authorized user accounts, among other security best practices.
No. 2: Spearphishing attacks that target journalists
Earlier this year, our team observed a public forum request for “contact details” of a prominent media outlet’s journalist. The request stated that the forum participant had tried to gain access to the journalist’s accounts, including a personal Gmail account. In response, other forum participants discussed multiple ways to access the journalist’s accounts. Implementing threat detection tools across networks helps prevent media staff or employee information from falling into the wrong hands.
It is recommended that media outlets establish processes to receive warnings when employees’ official credentials are publicly exposed and quickly ensure compromised credentials are deactivated. In addition, use industry-standard anti-phishing controls across networks, and provide employee training so that staff understand the threats and their role in prevention.
No. 3: Creating inauthentic videos with deepfake technology
Deepfake technology is gaining momentum as a form of video sharing entertainment. Technology companies have recently been scrutinized for spreading disinformation campaigns over social media. These campaigns feature seemingly benign video content that is crafted from deepfake software. This technology could also be used to deliver malicious, politically motivated disinformation, as noted in our 2019 Cyber Threat Outlook.
In addition to training journalists and news staff to recognize the telltale signs of inauthentic videos, digital signature technology can potentially verify authentic videos. Likewise, you can prepare for the possibility of inauthentic videos reaching your audience by testing organizational response plans and practicing tabletop exercises.
The Bottom Line
No matter how a threat actor gets in, a cyber attack can cause significant reputational, operational, and financial damage. By implementing a combination of industry-standard cybersecurity measures with a detect-and-response capability, your media organization can mitigate the impact of cyber attacks. Learn more about common cyber threats in our 2019 Cyber Threat Outlook.
