When hackers turn media brands into tools at their disposal
If you thought managing a media organisation was complex, be prepared: it is highly unlikely to become easier in the near future. Media leaders are now confronted with a heap of odd-sounding technical terms like “typo squatting”, “spear phishing emails”, “domain masquerading” and many more they quite possibly have never heard of. The sprawling vocabulary describes the growing number of ways people are now targeted on the Internet.
Thanks to Google’s security researchers, we now know that in the most recent case hackers turned to the Electronic Frontier Foundation: they registered and operated electronicfrontierfoundation.org, a site which uses the brand name and looks like it’s managed by the EFF, to abuse people’s trust in the brand and install malware on visitors’ computers.
In April, French TV network TV5Monde became a target of hackers allegedly affiliated with ISIS and went dark. The urgency in this case led the French culture minister to call an urgent meeting of French media groups to assess their vulnerability, as Angelique Chrisafis and Samuel Gibbs, both of the Guardian, reported.
But attacks are not limited to domain names, websites or whole TV networks alone. In May, the Washington Post became a victim of attacks from hackers supporting the regime of Syrian President Bashar al-Assad, who infiltrated the Post’s content delivery network provider, Instart Logic. The incident came two years after the Post was targeted as the result of an attack on content recommendation service Outbrain.
Media organizations find help from service providers that specialize in finding security holes and showing how to fix them. They carry out planned attacks to identify possible security issues and assist in setting up internal security protocols. Some companies, like Recorded Future, go as far as using predictive analytics to predict the likelihood of cyber threats.
Media CEOs would be well advised to start thinking about how to address the security threats and what appropriate processes should look like in case such attacks succeed. Would you be able to redirect your visitors to alternative sites? Who’s the contact person at your service provider, and who would be available over the holidays or at the weekend? How much would a minute cost if your sites or services became unavailable? Do you have customer data at stake?
The potential damage to brands and businesses as a whole can be substantial. The prevention of criminal attacks is as important as having proper means at hand to do damage control. Security measures should also take all ecommerce activities into account and should cover portfolio companies such as start-ups as well.
How prepared are you?
For more on the above:
“Fake EFF site serving espionage malware was likely active for 3+ weeks”
“Pawn Storm Espionage Attacks Use Decoys, Deliver SEDNIT”
“New Spear Phishing Campaign Pretends to be EFF”
EFF’s “Tips, Tools and How-tos for Safer Online Communications”
“French media groups to hold emergency meeting after Isis cyber-attack” (2015)
“The Syrian Electronic Army just hacked the Washington Post (again)” (2015)
“Malicious Hackers Take Over Media Sites via Content Delivery Network Providers” (2015)
“The Post just got hacked by the Syrian Electronic Army. Here’s who they are.” (2013)
“Recorded Future Announces $12M Funding to Build on Momentum in Cyber Threat Intelligence”