A cyberattack at Newsquest, one of the UK’s largest regional media groups, has disrupted operations at its local news outlets, causing intermittent website outages and leaving journalists unable to file stories.
The December 11th cyberattack has since been reported as an incident to the UK National Cyber Security Centre.
One of those local UK outlets, the Southern Daily Echo serving Southampton and Hampshire, published its own story about the attack to inform Newsquest readers who may have had problems accessing its media.
“Since Monday, this website has suffered some intermittent disruption, which may have affected your reader experience, as well as your access to our associated digital edition and app,” the Daily Echo wrote on Wednesday.
“This has been caused by a series of cyber-attacks known as “distributed denial-of-service” (DDOS). We have been able to contain most of these attacks, but some readers will have experienced a disruption,” the outlet said.
The Daily Echo then went on to assure readers and subscribers that that no personal data had been accessed during the attacks.
Newsquest, owned by US media giant Gannett, has over 250 local news brands and magazines under its umbrella. A Gannett spokesperson referred Cybernews back to the Daily Echo news article for their official statement.
Additionally, the media group states it has a digital audience of over 41 million users, plus 7 million print readers each month.
Meantime, UK’s Hold the Front Page (HTFP) online news site for journalists posted about the attack on X.
The attack is affecting content management systems, causing websites to malfunction, and leaving journalists unable to upload stories, images, and media, HTFP reported.
An internal Newsquest memo sent to staff on Wednesday was seen by HTFP.
“The impact on our journalists …is being discussed and we are working on methods to improve uploads and administration, it said.
DDoS attacks: a ruse for ransomware
William Wright, CEO of Closed Door Security, said the Newsquest attack echoed similar attacks on the Guardian newspaper last December,.
That attack turned out to be a “a highly sophisticated ransomware attack” compromising personal employee information, the Guardian revealed months later.
“DDoS attacks often don’t get as much publicity as ransomware today, but that doesn’t make them any less severe,” Wright explained.
“In some cases, they are used to hide a data breach, while some attacks are carried out purely with the motivation of putting an organization out of operation," Wright told Cybernews.
Meantime, Newsquest has now officially labeled the attack as a “major business continuity event, and has alerted Gannett’s Cybersecurity Incident Response team.
“We are continuing to monitor the situation closely, but the attacks have now subsided and website access returned to normal", it said.
CTO of Barrier Networks Ryan McConechy said even though Newsquest announced the attack is now largely contained, the media house must now investigate if any customer or employee data was breached.
McConechy also believes the DDoS attack could turn out to be “a smokescreen hiding something more severe.”
"DDoS attacks, which knock a website offline by flooding it with traffic, are a major threat to businesses today," McConechy said, particularly from hacktivists trying to make a political statement or harm a specific organization.
“The best way to detect DDoS attacks is through the use of technology that monitors web traffic and identifies unexpected peaks. When high volumes of traffic are detected, this can be investigated and blocked if necessary, stopping the DDoS attack in its tracks,” he added.
Furthermore, Wright pointed out that IoT devices are often recruited into botnets to execute DDoS attacks, and companies can help secure the landscape by incorporating IoT security into their overall cyber strategy.
This helps to ensure one organizations' IoT devices are not unwittingly used in attacks on other organizations, he said.
More from Cybernews:
Subscribe to our newsletter