Cybercriminals are increasingly targeting media agencies, both directly and indirectly. Apart from direct attacks, they misuse media brand names to create fake identities, which are then used to target potential victims.

Direct attacks

In the past few weeks, media agencies were targeted mostly via ransomware attacks.
  • Ritzau, the largest independent news agency in Denmark, was targeted by a ransomware attack, leading to the compromise and encryption of more than one-quarter of its 100 network servers.
  • The computer servers at the Press Trust of India were attacked by LockBit ransomware, which prevented the agency from delivering news to its subscribers.

Attackers using the pretense of media agencies

A few days ago, TA416 APT was found carrying out spear-phishing attacks by imitating journalists from the Union of Catholic Asia News, attempting to target a range of victims, including diplomats in Africa and people in the Vatican.
  • The U.S. seized 27 domain names that were used by Iran’s Islamic Revolutionary Guard Corps (IRGC) for carrying out covert influence campaigns, in which several domains purported to be genuine news outlets.
  • OceanLotus had set up and operated several fake websites, pretending to be news, activist, or anti-corruption websites throughout the year. Additionally, they compromised several Vietnamese-language news websites and used them to load an OceanLotus web profiling framework.

The bottom line

Cybercriminals have long exploited the trust people place in media agencies. Therefore, experts suggest adopting adequate security measures such as frequent data backups, anti-malware solutions, and Domain-based Message Authentication, Reporting & Conformance (DMARC). Furthermore, experts recommend conducting tests to identify and eliminate the risks of domain spoofing.

Cyware Publisher