Cyber threats against media companies are on the rise

Gretchen A. Peck | for Editor & Publisher

As Editor & Publisher spoke to news publishers about their cybersecurity concerns in preparation for this feature, several significant events unfolded. Russia went on the offensive against Ukraine, invading the country and launching a war of choice.

By deadline, Russia’s war crimes offensive was entering its gruesome fourth week, threatening to further destabilize the European continent and draw in the rest of the world, particularly NATO allies. The televised and tweeted war broadcast around the world shows the bravery of journalists and the vital nature of information, especially in difficult situations. As of press time, three journalists have been killed reporting on the war.

On March 14, 2022, international news outlets reported that Israeli government systems had been disrupted by a cyberattack – a “distributed denial of service” or “DDoS” attack. These aren’t particularly sophisticated hacks; they occur when the volume of traffic overloads the servers. The source of the attack, if known, has not been revealed, but the Haaretz news agency reported that Israel’s health, justice and welfare ministries were affected.

What this meant for the public: Every government site with the gov.il extension was down for more than an hour, The Times of Israel reported the same day.

The Federal Bureau of Investigation (FBI) categorizes a number of cybercrime threats, from hacking work emails to identity theft, phishing scams, and ransomware.

Cybercrime recently arrived at the digital doorsteps of news publishers around the world when PressReader, the digital provider of over 7,000 international magazine and newspaper titles, was hampered by a cyberattack.

As the April issue of E&P went into production, this message appeared on the PressReader site after a cyberattack hampered their operations and those of more than 7,000 international magazines and newspapers.

In the days following the outage, the developer said, “We can now confirm that the network issues we experienced were caused by a ransomware attack. Upon detection, our team implemented a comprehensive response plan to assess the threat and react accordingly. As a defensive measure, we disabled certain administrative and public systems, including taking Branded Editions sites and apps offline, as well as PressReader.” The company added that it had no evidence that customer data was compromised or partner systems were affected.

While our April issue was in production, “An update on the release of new content” ran in white text on a black background on PressReader’s site. Fortunately, it reported that content processing was “fully operational, with all the newspapers and magazines we’ve received from publishers since March 6 now published.” Still, they were rolling out other issues and noted that readers might find the reading experience hampered by “minor glitches with text viewing and listening features.”

“We are still working hard to get operations up and running,” a company spokesperson told E&P.

The attack on PressReader, the disruption in Israel, and the start of a war by one of the world’s most notorious states to sanction cyber warfare all happened in just one month. If you think cyberattacks are happening more frequently and hitting closer to home, you’re not mistaken.

Daniel Tobok is the CEO of Cytelligence, one of the largest forensic and cyber incident companies in North America. In 2020, the company was acquired by Aon. “We handle, on average, about 100 investigations per month, from ransomware to intellectual property theft and extortion,” Tobok said.

Tobok also reported that attacks on media companies are intensifying.

“Before the Ukraine-Russia conflict, they accounted for about 5% of crimes, but we have seen double-digit growth in [attacks on] news outlets and various media companies from what I call ‘undetected sources’,” he explained.

It is difficult to determine whether cybercriminals are strategically targeting media companies or whether the criminal network is so widespread that it ensnares news outlets almost accidentally. But news organizations around the world have found themselves at the mercy of hacks, breaches and ransomware demands, perhaps the most insidious of all.

In January 2022, Amedia, a Norwegian media company, revealed that it had suffered a cyberattack which shut down its subscription and advertising systems at the end of 2021. Amedia were arrested. “Online newspaper production is proceeding normally, but no paper newspapers will be published on Wednesday. Indeed, the print newspaper publishing, advertising and subscription management systems are not operating normally,” the company said in a statement.

In early February, News Corp reported that its email systems had been hacked, citing China as the culprit. Jim Waterson, media editor at The Guardian, said: “The cyberattack affected a limited number of people working for outlets such as News UK – the publisher of the Times and the Sun – as well as the Wall Street Journal and the New York Post.”

Waterson had access to an internal News Corp email describing the attack as a “persistent nation-state attack”, he revealed.

The previous year, in June 2021, ABC-affiliated television stations in Orlando, Florida; Charlotte, North Carolina; and Pittsburgh – owned by Cox Media Group – were taken offline by a possible ransomware attack, although Cox Media did not disclose the nature of the attack to the press.

Journalist Amiah Taylor explained ransomware — aptly named because it holds data hostage — in a February 17, 2022 article for Fortune.com. She cited research from SonicWall, an internet cybersecurity company, and its 2022 Cyber Threat Report, which offers alarming statistics on ransomware attacks, in particular.

“Governments around the world have seen a 1,885% increase in ransomware attacks, and the healthcare industry faced a 755% increase in such attacks in 2021,” Taylor summarized from the report.

“Ransomware also increased by 104% in North America, just below the 105% increase globally,” the study said.

Understandably, news publishers – E&P readers – worry about what this could mean for their organizations in the future and whether they are well protected against cybercrimes.

Being proactive is decisive.

“Ransomware has become the weapon of choice for various threat actors around the world,” Cytelligence’s Tobok told E&P.

Tobok said two factions most often commit cybercrimes. There is organized crime, then there is state-sponsored cybercrime. State-sponsored threats come mainly from Russia, Ukraine, China, North Korea and lately from the Baltic regions, he noted.

“It’s a pretty easy crime to commit,” he continued. “It’s inexpensive and the profits are extremely high. To give you a fun little fact, North Korea in 2021 collected around $5.6 billion in proceeds of ransomware crime. When you think of a place like North Korea, which really has nothing to export, but is able to generate $5.6 billion on it, you can see why that’s attractive to criminals.”

In addition to financial motivations, there are strategic motivations that should also concern press publishers.

“What we see, especially when we have conflicts in the world and the geopolitical climate changes, they do it in order to cause disruption,” he explained. Typically, scammers are after money, but some also steal data. Only a thorough forensic investigation can reveal whether the data has been compromised, Tobok noted.

In the aftermath of an attack, victimized businesses will have two main paths to follow – “civil” versus “criminal,” Tobok calls them. On the civil side, the organization will need to investigate the breach, find out how the hackers got in, make sure those doors are permanently closed, and then work to fix and restore the systems.

As they go down the criminal route, the “three-letter agencies” become involved, and Cytelligence has relationships with each of them, Tobok said. A criminal investigation will be more concerned with salvaging “artifacts” that provide clues to the origin and extent of the crime.

“When we come across a customer who has been hacked, our first and foremost business is preservation,” he said. “It takes a bit of time. We preserve all artifacts in a forensic manner and only then can we put the puzzle back together.”

“But unlike the crime scene investigations you see on TV – I have to warn you – we’re not as good looking, and we’re not walking around in white coats and solving the crime in 28 minutes,” he joked.

In other words, it may take some time.

“I laugh sometimes when there’s a national incident and a so-called cyber expert comes on TV and says, six hours after the incident, he knows where the guys are from. It’s impossible,” he noted.

Tobok also noted that the origins of an attack are revealed only about 25% of the time, because cybercriminals have become adept at spoofing and shadow servers.

Asked how news publishers could better protect themselves, Tobok offered some sound advice:

  • Be proactive. Hire a cyber-expert who can guide you and test your systems.
  • Be aware that the way cybercriminals get into systems can appear harmless, often through a phishing email to an employee or someone with administrative access. Inform your team of risks and red flags.
  • Perform periodic assessments of your systems and test them with hacking simulations.
  • Make sure all of your staff use strong passwords and authentication solutions.
  • And the most important tip of all: encrypt your data.

“When hackers come across an encrypted server, they don’t touch it. It’s wasting their time, and for them, time is money,” he said.

“Unhappiness and sadness is – it happens and it is real,” Tobok told E&P readers. “It’s not a question of if, but when. The good news is that by being proactive, you can minimize your chances of being breached, and that’s key.”

Gretchen A. Peck is editor-in-chief of Editor & Publisher. She has been reporting for E&P since 2010 and welcomes comments on [email protected].