Incidents Reveal Weak Cybersecurity Programs in the News Media


Two cyber incidents involving news media companies highlighted the need for these companies to take a closer look at their security operations.

In the past two days, it has been reported that the website and Twitter account of the New York Post were hacked by an insider, whom the newspaper later fired. And Thomson Reuters reportedly left at least three of its databases open on the public internet. One of the exposed instances was a 3-terabyte, publicly accessible ElasticSearch database that contained sensitive data from across the company’s platforms.

SC Media reached out to security experts and asked them to explain why media companies face constant attacks and whether they have the necessary security tools to deal with the growing threat landscape.

Media companies have been and will continue to be targeted by cyberattacks for at least two important reasons, said Jerrod Piker, competitive intelligence analyst at Deep Instinct. First, as we’ve seen with the Sony and Thomson Reuters hacks, media companies often lag behind when it comes to fully protecting their computing environments from the inside out, making them relatively easy targets to penetrate. Second, Piker said the intellectual property produced by media companies is very valuable, whether it’s blockbuster movies yet to be released or sensitive news stories.

“If we are to see a marked improvement in the number of attacks against media companies, it will take a concerted effort by the cybersecurity community and volunteer technical teams from the largest media organizations to identify common security gaps and introduce the policies and tools needed to shut them down,” Piker said. “It could also come in handy if more specific security guidelines were created and enforced by an external collective, similar to what we see with the payment card industry data security standards compliance framework.”

Amit Shaked, co-founder and CEO of Laminar, explained that media companies are attractive targets because they can reach large numbers of people in a short time. They also maintain contact details for a large number of credible and potentially valuable sources, scoops on stories that have not yet been published and, whether all the details are reported or not, huge amounts of notes and recordings of interviews with their story topics, which could include geopolitical players, Shaked said.

“If their systems or even their social media accounts were infiltrated, cybercriminals or hacktivists could spread false information, or if any of this data ends up in the hands of a cybercriminal, it would have significant leverage for monetary extortion from the company,” Shaked said. “In any case, it is essential that news organizations know where all data resides, who is accessing the data and/or their systems, and what their security posture is, in order to prevent hacks, leaks and extortion.”

Shaked added that news organizations have traditionally had smaller budgets than larger companies in other verticals, making it more difficult to secure funds for cybersecurity tools and teams. Shaked said with all the sensitive information they house and the number of people they can reach, it will become increasingly important to compete for investment.

Technology environments that are less hardened and may be more prone to insider risk

Mike Parkin, senior technical engineer at Vulcan Cyber, pointed out that media companies operate in a very different environment than financial services or healthcare. Parkin said they operate at a fast pace and don’t have the same type of regulatory oversight as other industries. While many invest in strong security checks, security is often not as high a priority as it is at a bank or hospital, Parkin said.

“This can lead to an environment that is not as hardened as other potential targets, and employees who do not receive the same level of security training, or take it as seriously, as you can find in other industries,” Parkin said. “Media companies may not have the same types of personal data that threat actors are interested in, but they are still inviting targets. And it’s hard to overestimate the potential damage that can occur if a malicious actor takes control of a widely respected media outlet.”

John Bambenek, principal threat hunter at Netenrich, said media companies, especially their social media accounts, have long been ripe targets for attack. The compromises are very public, and therefore embarrassing, which makes them attractive to disgruntled insiders or attention-seeking hacktivists.

“Generally, they don’t see themselves as needing high security, except when it comes to national security reporting or politically sensitive reporting, so they may not adopt controls as strict as they could,” noted Bambenek.

Deep Instinct’s Piker said media companies are typically so focused on preventing unauthorized access that they could miss an insider threat. Piker pointed to the Sony Pictures hack in 2014, where attackers collected over 100TB of data undetected, and a person who claimed to have been involved in the attack as a member of the Peacekeepers said he had access to it for at least a year before the attack.

“While Sony Pictures no doubt implemented top-notch perimeter security to prevent unauthorized access, they failed to take into account that a trusted account was being used to steal the data,” said Piker. “Further analysis of the attack also revealed that the threat actors used a listening implant, backdoor, proxy tool, and erasing malware to collect information and then erase evidence of It is important that media companies take appropriate measures not only to prevent unauthorized access at the network level, but also to monitor suspicious system and user behavior at each access level in order to avoid this type of catastrophic damage.”