Phishing Attacks in the Media Industry

August 30, 2017 by Stephen Moramarco

The media industry – roughly categorized as major newspapers, radio, and television outlets – is increasingly targeted by phishing campaigns. Not only are criminals trying to break into the media websites or internal networks themselves, but associated accounts such as those on Facebook and Twitter are also under attack.

The hackers themselves seem to fall into two general categories: groups or individuals seeking publicity or disruption, and state-sponsored actors attempting to spy or steal information.

Why Target Media?

Today it seems as if the media is in the crosshairs as never before, targeted by people within the United States as well as those associated with its biggest global adversaries. It is clear that there are many state-sponsored actors who spy upon journalists or use hacks to try to further their agenda. According to Google, 21 of 25 top news organizations have been the target of state-sponsored attacks.

China has been targeting Western media since 2008 and has successfully broken into major outlets, including the New York Times, Washington Post, and Bloomberg. The role of these agents is to carefully monitor coverage of China; in 2013, over a period of four months, they stole files, contacts, and other information from more than 30 journalists.

The delicate political situations in Syria and Qatar have recently been roiled by hacks. An article posted to the Qatar News Agency website in May 2017 by an unknown entity falsely attributed provocative quotes about Iran and Israel to Qatar’s emir. Saudi Arabia, currently at odds with Qatar, began reporting it on their news channels, further inflaming tensions; both the QNA website and Al Jazeera (a Qatari-based news agency) were subsequently blocked throughout the region.

In 2013, a group calling itself the Syrian Electronic Army briefly shut down websites of western media publications (again the New York Times was a target), and in 2015 a group said to be associated with ISIS took over Twitter accounts of smaller news outlets in Albuquerque and Maryland.

Today, with the President of the United States calling CNN, the New York Times, and other mainstream publications “Fake News,” he has perhaps inspired a new breed of hackers. This new group, ostensibly Donald Trump supporters, has hacked news organizations in his honor. In March 2017, ABC News and Good Morning America’s Twitter accounts were compromised and someone posted “we are totally russian hackers” and referred to Trump as “lord and savior.”

Other rogues in this arena may be doing it “just for the LULZ,” a term used in the underground for a cheap or vicious laugh at someone else’s expense (that also hopefully causes havoc). In 2013, AP’s Twitter feed was hacked and someone tweeted that President Obama had been injured in an explosion at the White House. Panic spread to Wall Street, where the Dow plunged 143 points before recovering.

Then there is always the run-of-the-mill cyber thief looking to make a buck by stealing subscriber credit card information, but there are also more sophisticated cheats. In 2010 an international hacking group targeted and successfully broke into press release companies Marketwired, PR Newswire, and BusinessWire. Over the next 5 years, they made more than $100 million from stocks, making trades based on information gleaned from press releases stored on servers and not yet announced to the general public.

How Is the Media Industry Targeted?

The media is attacked both directly and indirectly. As we have shown, sometimes hackers try to break into the main news servers or networks, trying to access email and other documents. Other times they try to attack the website itself to post fake news stories or even shut it down entirely.

Many times, they’ll attack an associated social media account, most notably on Twitter and Facebook. They have also been known to gain access through Content Delivery Networks (CDNs) that organizations rely on to keep current and push breaking news – the Syrian Electronic Army was said to have accessed the Washington Post through a CDN, sending out fake alerts to many of its subscribers.

Above: A free fake-phishing template available through SecurityIQ

The majority of the time, these breaches occur through a successful phishing attempt using an email or message with a compromising link; indeed some 95% of all hacks are still attributed to this simple but effective tactic.

In addition to general phishing, where random malicious emails are sent to a variety of organizations in the hopes of one errant click, there are often more direct attacks, referred to as spear phishing. This is when hackers target specific individuals, often gleaning information from social media accounts and simple web searches, to impersonate and/or fool others into giving up passwords or opening malware. (Chinese hackers were said to have accessed one media site by sending a fake questionnaire to employees, whose answers gave them enough info to break in.) Other times, spear phishers send official-looking emails asking users to change their passwords, with a link that redirects them to a fake web portal; from there, the attackers scrape the login information.

These attacks are effective, as they are in any industry, because they catch people off guard; journalists rushing to meet a deadline may think a phishing communication is real and take the bait. Others simply may not know enough about phishing and how to protect themselves and their organization.
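
A mail-triage script can check for the password-reset lure described above: a credential-themed message whose link leaves the organization's own login domains, or whose visible link text names a different host than the link target. The Python below is an added example, not part of the original article; the trusted domain `newsroom.example`, the lure keywords, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"newsroom.example"}  # assumption: domains that host the real login portal
LURE = re.compile(r"password|reset|verify|account alert", re.I)  # assumed keywords

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def trusted(host):
    # Exact match or true subdomain only; a trusted name used as a leading label fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def review(raw):
    msg = message_from_string(raw)  # single-part HTML message given as a string
    body = msg.get_payload()
    parser = Links()
    parser.feed(body)
    lure = bool(LURE.search(msg.get("Subject", "") + " " + body))
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname
        if lure and not trusted(host):
            findings.append(f"credential lure links to untrusted host {host}")
        if "." in text and " " not in text:  # link text that itself looks like a host/URL
            shown = urlparse(text if "//" in text else "//" + text).hostname
            if shown and shown != host:
                findings.append(f"text shows {shown} but link goes to {host}")
    return findings

# Constructed sample messages (not real mail).
PHISH = ("Subject: Password reset required\n\n"
         '<a href="https://newsroom.example.login-portal.test/reset">sso.newsroom.example</a>')
BENIGN = 'Subject: Monday story budget\n\n<a href="https://cms.newsroom.example/budget">story budget</a>'
```

The suffix comparison in `trusted` matters: a plain substring test would accept the constructed lookalike host because it begins with the trusted name.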

Education and Simulation Go Hand In Hand

The most effective weapon against these pervasive, continual attacks on the media industry is two-pronged: awareness and real-world training. That is why Infosec Institute has put together a special suite of materials and applications called SecurityIQ.

One section of SecurityIQ is called AwareEd and it is a learning tool that can be configured for individuals and groups. Employees, called Learners, can be automatically enrolled in the course and progress can be monitored via the dashboard.

Above: A selection of AwareEd interactive modules through SecurityIQ

This is a great way to get the entire media organization on board. The series of short videos and quizzes is informative and interesting. Learners will see examples of different phishing techniques and be given tips on how to spot them. To progress through the course, the Learner must successfully pass a test after each module.

The other section of SecurityIQ is called PhishSim and, as the name implies, is a phishing simulator. This allows you to create and send phony phishing emails you can use as “bait.” There are lots of different pre-made templates that cover standard phishing tactics (including such classics as “Password Reset” or “Account Alert”), but you can make your own phishing emails that are more tailored to your industry.

A recipient of a PhishSim email is not hacked – instead, if they click, they’re directed to a web page containing a short video informing them of their error. (You will also be alerted in the dashboard.)

PhishSim and AwareEd can work in tandem. Those who get caught by the phish can be enrolled in the AwareEd program. If someone passes AwareEd and is then phished again, they could be required to take further training.

Studies have shown that companies that engage in this type of intensive education are much more prepared in case of an attempted breach. Because of the sensitive nature of news and the damage these types of hacks can do to an organization, it is essential that your front line – the people who make up the newsroom as well as all those in various administrative and executive positions – is vigilant.

Right now, InfoSec Institute is offering a free 30-day trial of SecurityIQ, which includes unlimited Learners and campaigns. Get your organization up to speed today – before the latest hacking headlines are about you.


Stephen Moramarco is a freelance writer and consultant who lives in Los Angeles. He has written articles and worked with clients all over the world, including SecureGroup, LMG Security, Konvert Marketing, and Iorad.