Media sites under attack from state-sponsored hackers
Phishing identified as key attack vector, claims Google researchers.
State-sponsored attacks have been levelled at 21 of the world's 25 top news organisations, it has been claimed.
Google researchers Shane Huntley and Morgan Marquis-Boire have said journalists are "massively over-represented" as targets of phishing attacks delivered by email.
This type of attack allows hackers to steal personal data and can be highly personalised and convincing.
"If you are a journalist or journalistic organisation we will see state-sponsored targeting," Huntley told Reuters.
"We see it happening regardless of religion, we see it from all over the world, both where the targets are and where the targets are from."
Targeted media organisations included Forbes, the Financial Times and New York Times, who fell victim to successful attacks from the Syrian Electronic Army, as well as an unidentified Western news organisation that was attacked by Chinese hackers using a fake questionnaire sent to staff.
Marquis-Boire claimed this is "the tip of the iceberg".
"A lot of organisations are just waking up to this ... [but] we are seeing a definite upswing of individual journalists who recognise [protecting themselves] is important," he said.
Lior Arbel, CTO of Performanta, told IT Pro: "It is not surprising that the level of these attacks has increased. We are entering a new phase in cyber-aggression where hackers have realised that information is power and have begun to up their attacks on corporate targets to steal vital intellectual property.
"News organisation's power to influence the masses is their form of intellectual property and must be protected."
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now