Global Cyber Executive Briefing
The online media sector might have the greatest exposure to cyber-threats. Since its organizations operate online, they have a huge attack surface to protect. Also, since its products are in high demand and completely digital, there is a high risk of being infiltrated and robbed of valuable content – both by individuals and organized crime groups.
- Case 1 - Email addresses stolen from an email service provider
- Case 2 - News website is the launch pad for a banking malware outbreak
- Case 3 - Hackers redirect readers to fake news
As in other industries, attacks that use an organization’s website as the point of entry are common (case #1). So are social engineering attacks, such as spear phishing, which trick people into giving away passwords and other sensitive information. However, what makes the online media industry unique is the fact that the sector itself can serve as a vector for launching attacks, due to the large number of people who use its services. A good example of this is the “watering hole” attack, in which hackers breach a popular website and then use it as a delivery platform for malware (case #2).
Another threat that uses online media itself as the attack vector involves manipulating news sources to trick people or automated programs into making misinformed decisions. There are many well-known examples of high-profile online media accounts being hacked and fed deceptive information. In one extreme case, the attack triggered a stock market crash by fooling stock trading programs into placing automatic sell orders based on false information from a political online media account.
For online media organizations, attacks that cause reputational damage are one of the biggest threats. News organizations in particular are increasingly popular targets for hacktivists and attack groups loyal to a particular nation or cause. Some of these attacks target specific reporters in an effort to uncover their sources; other attacks disrupt websites or present substitute content in order to damage an organization’s reputation, spread propaganda, or manipulate public opinion (case #3).
Case 1 - Email addresses stolen from an email service provider
A company that provides email services for more than 2,000 large organizations in all sectors, sending billions of marketing and customer communications emails annually.
An unknown group of hackers breached the company’s databases and stole nearly 60 million email addresses.
Attackers and motivation
Little is publicly known about the attackers. They might have been “script kiddies” hacking for fun, organized criminals planning to use the email addresses for spear phishing attacks, or perhaps a competitor trying to embarrass the company.
Although the exact technique has not been disclosed, experts believe it was something simple, such as SQL injection. This might explain why the company has been reluctant to share details about the attack.
Although this breach only involved names and email addresses, not financial information, it was very damaging because it was directly related to the company’s core business of sending marketing emails on behalf of clients. Also, the sheer size of the data loss drew a lot of attention from the media. The company was forced to notify all affected clients, who in turn had to notify their own customers, since this massive leakage of email addresses exposed them to spear phishing attacks. This made both the company and its clients look bad. In tangible terms, this breach cost the company and its clients an estimated $200 million in customer compensation.
Case 2 - News website is the launch pad for a banking malware outbreak
A company hosting a news website that ranks in the top 20 of most visited websites within the country it serves.
Attackers used the website as a platform to spread malware. They accomplished this by gaining access to a third-party advertisement system, which they then used to place infected advertisements on the news website. When clicked, the infected ads checked the user’s software version and, when a vulnerable version was found, installed malware on the victim’s computer that would hijack banking transactions and steal card payment information.
Attackers and motivation
The complexity of the attacks and use of banking malware strongly suggest an organized crime group out for financial gain.
This attack used malware specifically designed to steal money from online banking users in the country where the website is hosted. How the attackers obtained the credentials to the third-party systems that distribute advertisements is not known, but once they gained access, it’s clear they used infected advertorials to spread the malware.
As the launch pad for a large outbreak of banking malware, the organization’s reputation took a big hit. Also, since the organization makes almost all of its money from online media, its number one priority and challenge was to restore readers’ and advertisers’ trust in online advertisements.
Case 3 - Hackers redirect readers to fake news
A large news organization, with a strong presence both online (websites) and offline (newspapers).
A hacker group with political ties tricked employees of a third-party domain registrar into revealing information that was then used to access domain name server (DNS) records, allowing the group to redirect all incoming web traffic to its own website.
Attackers and motivation
The attackers were hacktivists spreading propaganda and wanting to influence public opinion about events occurring in their region.
The attackers used social engineering, in particular spear phishing, to gain access to the reseller’s DNS account. They then altered DNS records to redirect web traffic to their own server, which hosted a visually identical copy of the news website but presented altered facts.
The attack tarnished the organization’s reputation and credibility, which, because of the organization’s size and name recognition, also had a ripple effect on other news organizations. This caused readers to question the legitimacy of news stories they viewed online, and likely drove some to other news sources.
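A defensive check for the kind of DNS record change described in case 3, added here as an example and not taken from the briefing: it compares a snapshot of a domain's NS and A records against an approved baseline and reports drift. The baseline, host names, addresses and the snapshot format are all constructed for illustration; it assumes a scheduled job collects the snapshot from an external resolver.

```python
import ipaddress

# Constructed baseline: records the site owner expects (hypothetical values,
# using documentation-reserved names and address ranges).
BASELINE = {
    "NS": {"ns1.dns-provider.example.", "ns2.dns-provider.example."},
    "A_NETWORKS": [ipaddress.ip_network("192.0.2.0/24")],
}

def check_dns_snapshot(observed, baseline=BASELINE):
    """Compare one resolver snapshot with the baseline; return a list of findings."""
    findings = []
    # Normalise case and the trailing dot so equivalent names compare equal.
    seen_ns = {ns.lower().rstrip(".") + "." for ns in observed.get("NS", [])}
    for ns in sorted(seen_ns - baseline["NS"]):
        # Delegation to an unknown name server means someone else answers for the zone.
        findings.append(("critical", f"unexpected name server {ns}"))
    for ns in sorted(baseline["NS"] - seen_ns):
        findings.append(("warning", f"expected name server {ns} missing"))
    for addr in observed.get("A", []):
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in baseline["A_NETWORKS"]):
            findings.append(("critical", f"A record {addr} outside approved networks"))
    return findings

# Constructed snapshots: one normal, one resembling the redirect in case 3.
NORMAL = {"NS": ["ns1.dns-provider.example.", "NS2.dns-provider.example"],
          "A": ["192.0.2.10"]}
HIJACKED = {"NS": ["ns1.other-host.example."], "A": ["203.0.113.77"]}

if __name__ == "__main__":
    for name, snap in (("normal", NORMAL), ("hijacked", HIJACKED)):
        print(name, check_dns_snapshot(snap))
```

A check like this only shortens detection time; registrar-side controls on who can change the records remain the preventive measure.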