There is no denying the fact that
cybercriminals have been exploiting the trust of people in media agencies. However,
the ongoing situations have seen an incredible surge in cybercriminals needing
to utilize each possible way to target media agencies.
Aside from direct attacks, they
have even misused brand names to create counterfeit identities, which are then
used to target ‘potential victims’.
A couple of incidents throw light
upon how and why these threat actors have set their sights on the media industry.
Some of them have been directly
targeted generally through ransomware attacks.
Ritzau, the biggest independent
news agency in Denmark, was targeted by a ransomware attack, prompting the
compromise and encryption of more than one-fourth of its 100 network servers.
The computer servers at the Press
Trust of India were also attacked by LockBit ransomware, which kept the agency
from delivering news to its subscribers.
A few attackers very cleverly
utilize the ‘pretense’ of media agencies to plan out their attacks.
Some time back, TA416 Able was
found carrying out spear-phishing attacks by imitating journalists from the
Union of Catholic Asia News, endeavoring to target the scope of victims,
including diplomats for Africa and people in the Vatican.
Another incident happened when
the U.S. seized 27 domain names that were utilized by Iran’s Islamic
Revolutionary Guard Corps (IRGC) for carrying out secretive influence
campaigns, in which a few domains were suspected to be veritable media outlets.
OceanLotus had set up and
operated a few websites, professing to be news, activist, or anti-corruption
sites consistently. Furthermore, they traded off a few Vietnamese-language news
websites and utilized them to load an OceanLotus web profiling framework.
Subsequently keeping these events
in mind, experts recommend having sufficient safety measures, like frequent
data backups, anti-malware solutions, and implementing Domain-based Message
Authentication, Reporting & Conformance (DMARC).
Furthermore, recommendations were made on carrying
out tests to distinguish and eliminate the risks of domain spoofing.