Cybercriminals are eyeing media organizations, eager to get their hands on vast amounts of collected data and take advantage of the big names.
Regardless of their industry, big companies are an attractive target for cybercriminals. Given that they have a vast pool of clients and partners, criminals are hoping to get access to third-party servers by establishing a foothold in an organization.
Recent research by the Cybernews team discovered that Thomson Reuters, a multinational media giant with $6.35 billion yearly revenue, sits on a treasure trove of data. Leaving it unprotected even for a few days could have huge repercussions. Malicious bots are capable of finding open instances within hours, and plaintext credentials to third-party servers are a jackpot for threat actors.
The hack of The New York Post, a newspaper founded 220 ago, is yet another example of how dangerous security incidents in media corporations are. After breaching its website and Twitter account, malicious actors posted racist and violent headlines.
In September, a hacker breached the American financial news publication Fast News, sending two racist push notifications on the Apple News platform. As a result, the company shut down its website.
Experts say that threat actors are extremely ruthless when exploiting weaknesses in organizations. While criminals have to succeed only once to breach a company, defenders can’t allow for any mistakes.
Supply chain risks
According to our investigation, Thomson Reuters collected and leaked at least 3TB of sensitive data, including unprotected passwords, to their partners’ networks. While there’s currently no evidence that threat actors managed to locate the database within a couple of days of its exposure, the incident created a dangerous precedent.
“This creates a huge risk of Thomson Reuters being an unassuming party to multiple supply chain attacks. Because of the inherent trust that business partners place in each other, this is a very alarming discovery, to say the least,” Jerrod Piker, competitive intelligence analyst at the cybersecurity company Deep Instinct, told Cybernews.
Supply chain attacks have already proved to be a nightmare for many parties involved, Kaseya and SolarWinds, to name just a few.
Criminals exploit the exposed data for various attacks, including social engineering, where they manage to trick victims into willingly giving away pretty hefty sums.
While we are becoming numb to the “breaking news” flood about data breaches and assume we’ve all been already hacked anyways, Piker believes this shouldn’t be the case.
“We should not see threat actors being able to breach an organization’s information assets as the norm, either the first time or repeatedly moving forward. Especially in this case, where sensitive data was left unguarded, a shift toward a prevention-first mindset can, at the least, minimize the impact of the next attack and mitigate the issue of unguarded sensitive data from the outset,” he said.
Weak media partners
Dan Vasile, BlueVoyant’s Vice President of Strategic Development, says the recent security issues with Thomson Reuters and The New York Post highlight how easy it is for threat actors to exploit existing flaws within an organization.
The New York Post and Fast Company hacks are stellar examples of why attackers choose media companies as their targets – for the attention they can get.
"Companies, regardless of industry, must now also be aware of digital supply chain defense. They may find themselves targeted for their access to one of their clients or vice-versa," Vasile said.
Large media organizations have structured cybersecurity programs in place and, at least in Thomson Reuters' case, are fast to acknowledge and fix their mistakes. However, the media industry has created a more distributed and fragmented third-party ecosystem over the years.
"As companies' internal networks become more well-defended, often a member of their digital supply chain, like a vendor or supplier, is the weak link," Vasile said.
BlueVoyant's research on the media industry found a number of flaws across vendors that support the media industry.
"The media third-party ecosystem is a complex one, which makes it challenging for companies to securely produce, distribute, and manage content. From concept to camera and from camera to consumer, media companies are dependent on vendors, service providers, partners, and technologies. Exploitation of the identified weaknesses and vulnerabilities can lead to potential loss of content and operational disruption," Vasile added.
Therefore, as any other industry, media companies should monitor their vendors and make sure they patch their systems as quickly as possible.
"The time it takes for cybercriminals to exploit known vulnerabilities is decreasing so enterprises must patch quicker."
More from Cybernews:
Subscribe to our newsletter