Media sites under attack from state-sponsored hackers

Phishing identified as key attack vector, claims Google researchers.

State-sponsored attacks have been levelled at 21 of the world's 25 top news organisations, it has been claimed.

Google researchers Shane Huntley and Morgan Marquis-Boire have said journalists are "massively over-represented" as targets of phishing attacks delivered by email.

This type of attack allows hackers to steal personal data and can be highly personalised and convincing.

"If you are a journalist or journalistic organisation we will see state-sponsored targeting," Huntley told Reuters.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"We see it happening regardless of religion, we see it from all over the world, both where the targets are and where the targets are from."

Targeted media organisations included Forbes, the Financial Times and New York Times, who fell victim to successful attacks from the Syrian Electronic Army, as well as an unidentified Western news organisation that was attacked by Chinese hackers using a fake questionnaire sent to staff.

Marquis-Boire claimed this is "the tip of the iceberg".

"A lot of organisations are just waking up to this ... [but] we are seeing a definite upswing of individual journalists who recognise [protecting themselves] is important," he said.

Lior Arbel, CTO of Performanta, told IT Pro: "It is not surprising that the level of these attacks has increased. We are entering a new phase in cyber-aggression where hackers have realised that information is power and have begun to up their attacks on corporate targets to steal vital intellectual property.

"News organisation's power to influence the masses is their form of intellectual property and must be protected."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020