Incidents reveal weak cybersecurity programs in news media organizations
Two cyber incidents involving news media companies emphasized the need for these companies to take a close look at their security operations.
In the past two days, it was reported that the site and Twitter account of New York Post He was hacked by a knowledgeable person, who was then fired by the newspaper. And the Thomson Reuters reports He left at least three of his databases open on the public internet. One of the open editions was a 3 TB public-facing ElasticSearch database that contained sensitive data across the company’s platforms.
SC Media reached out to security experts and asked them to provide some insight into why media companies are under constant attack and whether they have the security tools needed to address the growing threat landscape.
Jerrod Becker, competitive intelligence analyst at Deep Instinct, said media companies have been and will continue to be targeted by cyber attacks for at least two important reasons. First, as we’ve seen with both Sony and Thomson Reuters hacking, media companies are often behind the eight ball when it comes to completely protecting their computing environments from the inside out, making them relatively easy targets to hack. Second, Baker said, the intellectual property produced by media companies is very valuable, from blockbuster and unreleased films to sensitive news stories.
“If we are to see a significant improvement in the number of attacks on media companies, it will require a concerted effort by the cybersecurity community and you would like to have technical teams from the largest media organizations in place to identify common security vulnerabilities and provide the necessary policies and tools,” Baker said. If more specific security guidelines are created and implemented by an outside group, similar to what we see in compliance with Payment Card Industry Data Security Standards.”
Amit Shaked, co-founder and CEO of Laminar, explained that media companies target attractive targets because they can reach a large number of people in a short time. They also keep contact information for a large number of reliable and potentially valuable sources, scoops on stories that haven’t been broken yet, whether all details have been turned into articles or not, and massive amounts of notes/recordings from interviews With their story Shaked said the topics – which could include geopolitical actors.
“If their systems or even their social media accounts are hacked, cybercriminals or hackers It could spread false information, or if any of that data ends up in the hands of cybercriminals, they will have significant leverage to blackmail the company,” Shaked said. “In all cases, it is critical that news organizations know where all the data is located, and who is doing access to data and/or their systems, and what security posture they have, to prevent intrusions, leaks, and extortion.”
Shaked added that news organizations traditionally have smaller budgets than big companies in other sectors, which makes getting paid for cybersecurity tools and teams more difficult. Shaked said that with all the sensitive information they provide and the number of people they have access to, it will become increasingly important to fight for the investment.
Technical environments are less robust and may be more vulnerable to internal risks
Mike Barkin, chief technical engineer at Vulcan Cyber, noted that media companies operate in a much different environment than those providing financial services or healthcare. They operate at a rapid pace and do not have the same types of regulatory oversight found in other industries, Barkin said. Barkin said that while many of them invest in strong security controls, they are often not as high a priority as they are for a bank or hospital.
“This can lead to an environment that is not as robust as other potential targets, and employees who do not get the same level of security training, or take it seriously, as can be found in other industries,” Barkin said. “Media companies may not have the same types of personal data that threatening actors would care about, they still invite targets. It is hard to overstate the potential harm that could occur if a malicious actor took control of a widely respected media outlet.”
John Bampnick, Netenrich’s chief threat hunter, said attacks against media companies, especially social media accounts, have been ripe targets for a long time. The concessions are wildly overt, and thus embarrassing, making them attractive to disgruntled insiders or attention-seeking hacking activists.
“Normally, they don’t consider themselves to be in need of high security, except when it comes to national security or politically sensitive reports, so they may not embrace as strong controls as possible,” Pampenick noted.
Deep Instinct’s Picker said that media companies generally focus on preventing unauthorized access, and they may miss an internal threat. Becker pointed out Sony Pictures A 2014 hack in which attackers collected more than 100 terabytes of data undetected, and an individual who claimed to have participated in the attack as a member of the Peacekeepers said he had access for at least a year prior to the attack.
“While Sony Pictures undoubtedly has the best perimeter security to prevent unauthorized access, it did not take into account the use of a trusted account to steal data,” Piker said. Further analysis of the attack also revealed that the attackers had used a listening implant, backdoor, proxy tool, and malicious wiper software to gather information and then erase evidence of the attack. It is important that media companies take appropriate measures not only to prevent unauthorized access at the network level, but also to monitor suspicious system and user behavior at each level of access to avoid this kind of catastrophic harm.”
#Incidents #reveal #weak #cybersecurity #programs #news #media #organizations