Hackers are typically out for a quick payday. Any and all verticals – health care, government and finance – that may be storing sensitive information such as Social Security numbers, payment card data and contact details are perpetually in hackers’ crosshairs. All of this information can be sold quickly and easily on the Dark Web by anyone who is seeking to perpetrate an identity-theft scam.
However, organizations and individuals that are not obvious targets may still find themselves at the mercy of cyber criminals through any number of extortion schemes. Chief among these is ransomware. These ploys generally involve encryption of an organization’s digital assets that will not be lifted unless a certain sum of money is paid to the hacker, usually in the form of Bitcoin. If the attack is highly targeted, the hackers may threaten a data breach dump, or to reveal sensitive information if certain terms are not met. In other cases, a cyber attack has no monetary motive, and is done solely to propagate a message or make a point.
One vertical that regularly finds itself on the receiving end of ransomware, targeted attacks and even hacktivism is news and media. Several recent high-profile breaches have served as a reminder of some of the top cyber threats faced by these organizations, including the following:
The Independent Blog ransomware incident
The Independent Blog, property of one of the most popular news websites in the U.K., fell prey last month to malware that had the potential to spread ransomware to visitors of the page. The exploit specifically affected the WordPress-powered blog, marking a continuation of activity from the Angler Exploit Kit, which has infected multiple WordPress sites, according to Trend Micro.
In a nutshell, the cyber attack leveraged outdated versions of Adobe Flash Player. Any Web surfer who visited the infected blog while running an old version of Flash would be rerouted to a page hosting the exploit kit. According to Trend Micro, these users would then download the Cryptesla 2.2.0 ransomware. Once a machine was infected, its files were encrypted and a notice was displayed saying that they would remain as such unless the user followed certain instructions.
Technically, the popular Independent Blog in this case was used as a delivery mechanism, rather than being targeted in and of itself. This is a clever tactic considering the volume of page visitors on any given day. Nevertheless, the matter is significantly problematic for the Independent, which responded by redirecting all traffic from the blog to the main website. One of the last things a news website wants – or expects for that matter – is to cast doubts over its credibility by inadvertently infecting its readers with ransomware.
Furthermore, the incident highlights a way in which news sources may be used as mechanisms for more advanced targeted attacks – specifically watering hole tactics. This strategy involves identifying a certain website that a targeted individual or group regularly visits and infecting it with malware, essentially turning the webpage into a trap. The target is infected upon visiting the page. A popular news media site – such as the Independent Blog – is a great opportunity to infect a more general audience, but more specialized tactics could, in theory at least, be employed to go after a specific reader. Either scenario represents a very real cyber threat to news media sites and their readers.
Russian hackers infiltrate Dow Jones
Dow Jones, parent company of the Wall Street Journal and several other news sources, recently became the victim of multiple targeted cyberattacks. In the first incident, contact information of as many as 3,500 customers may have been compromised, which, according to the Wall Street Journal, would have been used to send “fraudulent solicitations.” Much like the infection of the Independent Blog, the attack used a popular news source as an avenue to its customers.
Shortly thereafter, a Dow Jones server was infiltrated by Russian hackers who were going after trade data that had not gone public, according to Bloomberg Business. This included information being used for stories that had yet to be published.
The latter of the two incidents highlights yet another motive that hackers may have for going after a specific news organization: pilfering valuable data for a longer-term scheme. In this case, the scheme was financial, as investigators believe the motive was to get an upper hand in the stock market. That said, targeted attacks against news organizations could seek to expose any number of different facts or figures – for example, to identify an anonymous source. Whatever the reason for the cyber attack, news organizations are well within the range of candidates for advanced targeted attacks.
The San Marcos Daily Record breach
As the above incidents show, hackers have gone after news media organizations in an effort to affect a large number of people, and to steal information that could give them an upper hand in a certain situation. The common thread between the two examples is that the hackers appeared to be interested in monetary gain. However, in some cases, cyber criminals go after news sources for the same reason news sources exist in the first place: to spread a message to a wide audience.
This is precisely what happened in December when The San Marcos Daily Record homepage was hijacked. According to KVUE, the hacker replaced the landing page with a screen that read “Muslim is not a terrorist,” followed by other related statements. The KVUE report noted that several other news sources in central Texas were also hacked.
The Daily Record incident homes in on yet another reason cyber security should be a top priority for news organizations, which is to avoid becoming an unwilling propagator of a hacker’s message. The goal of a legitimate news source is to supply its audience with fair, balanced information that reflects facts. In being hijacked, The Daily Record temporarily lost its ability to provide this to its readers.
Journalism watchdogs must protect their customers, as well as sensitive information. One good place to start is with security solutions from Trend Micro.