Cyber-Attacks in the Media Industry Making Headlines

Written by

The media industry is more visible to the public than virtually any other sector. Encompassing film, television, radio, gaming consoles, online and print, it is the arena that provides people with access to news and insights into the outside world, as well as fulfilling people’s entertainment needs.

Correspondingly, Cyber-attacks on media entities, even those that have a relatively minor impact or are unsuccessful, are highly visible to the public compared to other sectors. This was demonstrated by an attempted hack on Virgin Media TV in February 2023, which forced some programming off air while the firm mitigated the incident.

Media platforms are also prime target for hacktivists who wish to push out messages to the wider public. Following the Russian invasion of Ukraine in February, for instance, pro-Ukrainian groups took over Russian TV channels to broadcast messages opposing the Kremlin’s actions.

“News outlets are frequently targeted by politically motivated actors who aim to disrupt or compromise the content and its distribution,” commented Dan Vasile, VP of strategic development at BlueVoyant and former VP of info security at Paramount.

Alex Newman, cyber security expert at PA Consulting, commented that it is a sector that has a unique ability to polarize and create disgruntled users, making it an especially tempting target for actors that wish to cause harm or obtain notoriety, and not just financial gain.

“This means there will be actors who will attempt to compromise or cause damage, knowing that a breach or successful attack is likely to lead to further negative coverage in the high-profile media industry. In the film industry in particular, the consequences of a successful attack can also include IP theft, piracy and compromise of the user-facing content,” he explained.

There has been a number of instances of hackers attempting to leak information to ruin upcoming releases in the entertainment sphere, such as films and video games. Prominent examples include the leaking of the draft script of the James Bond movie Spectre in 2014, and leaking source code and development footage of upcoming video games.

A Growing Target

Financially motivated cyber-criminals have also recognized that media organizations are a lucrative target as the use of digital technologies as a means to consume news and entertainment has surged. In December 2022, prominent UK newspaper The Guardian was hit by a ransomware attack that disrupted operations and led to the personal data of UK staff being stolen.

A particularly popular tactic is compromising the growing number of online accounts across media services, including popular streaming platforms like Netflix.

Vasile noted: “Attacking the distribution channels, such as streaming services or web portals, gives cyber-criminals access to valuable consumer information and payment details.”

In August 2020, security firm Akamai highlighted a surge in credential stuffing attacks against media organizations, which its analysts said was borne out of a rise in people using online media during the COVID-19 lockdown. This is a trend the company has observed continue as life has returned to normal.

Tony Lauro, director of security technology and strategy at Akamai told Infosecurity: “Credential stuffing attacks have continued to be prevalent in the media industry since the pandemic.”

“Credential stuffing attacks have continued to be prevalent in the media industry since the pandemic"

Lauro said that attackers have recognized that password reuse is rife across the vast number of media accounts, with customers regularly using previously compromised passwords found in online databases from other data breaches. Therefore, the resale value of selling access to compromised accounts in the media industry can be very lucrative.

“We once found an attacker with over 100,000 paying customers and was selling access to over 1 million accounts across different streaming services,” he revealed.

A Uniquely Vulnerable Industry

For many years, nation-states, cybercrime and hacktivist groups have primarily targeted “high value” industries for maximum gain and impact, such as energy, government agencies and banking.

However, these sectors have evolved their cybersecurity strategies in the face of these threats, driven by growing regulation. This is, in turn, sending more attacks the way of ‘softer’ targets, including media organizations.

Newman commented: “The media industry does not have such a history of regulation and elevated threat landscape, and is a comparatively less cyber mature industry, yet faces the same external level of threat as oil and gas and pharma. This makes the media industry an easier target for attackers.”

He added that the public nature of the work of media companies highlights the systems and technologies it uses in a unique way.

“Unlike most sectors, media delivers content to people globally; this creates a highly visible target acquiring unwanted attention to online infrastructure and services – all possible targets for a threat actor operating anywhere in the world,” Newman noted.

Many media organizations, especially publications, are highly vulnerable to attacks due to the complex nature of their supply chain, according to BlueVoyant’s Vasile. Research published by the vendor in August 2022 found that the percentage of media companies susceptible to compromise is double the figure across all other sectors, with the complexity of supply chains identified as a major factor.

“In the production and distribution phases, many people and technologies interact with the content, not all of whom are internal to the media organization. As a result, media companies may not have comprehensive cyber defense capabilities to cover the full spectrum of interactions with the supplier ecosystem,” Vasile explained.

The third party supply chain is likely to continue being a major target for threat actors seeking to compromise media companies for the foreseeable future. Akamai’s Lauro noted that these supply chains often have many third party scripts that can be easily compromised. Therefore, he predicts that the “next wave of security threats that we can foresee for this industry is around script management and data exfiltration.”

He continued: “This gives the attackers potential access into these large media organizations by going through some of their much smaller partners who may not have the best security implemented in their environments, allowing for exploitation of this supply chain relationship.”

Mitigating Rising Cyber-Threats

Unsurprisingly, the experts Infosecurity spoke to emphasized that media organizations must combine a mix of cybersecurity tools and processes to better protect themselves against these threats.

With account compromises so frequent in these organizations, putting an extra layer of authentication in place for customers is particularly crucial.

Lauro said: “Media companies should ensure that they are using multi-factor authentication (MFA) if possible to deter attackers gaining access to compromised accounts, even if they have the correct username / password combination. Having to overcome a series of authentication hurdles is more likely to stop them in their tracks, or at least have them looking for an easier target.”

The growing use of automation to launch brute force authentication attacks also makes bot management technology vital for these firms. “Being able to detect account takeover attempts or large scale activities can be best done by using these technologies,” commented Lauro.

Additionally, with many vulnerable third parties within their supply chains, Vasile noted that it is important for media organizations to risk-rank their supply chain and continuously monitor their vendor ecosystem. He added that this will enable these organizations to quickly identify potential risks and address them.

As part of this evaluative process, media firms should also understand, and prioritize the security of their most critical services and dependencies.

PA Consulting’s Newman advised: “They should map their supporting business processes, technology, data and third-party dependencies, and this should give a prioritized, business-critical view of where to begin.”

Finally, getting the basics right, such as education for customers and staff in areas like password security, and patching vulnerabilities quickly, applies as much to the world of media as it does to all other industries.

What’s hot on Infosecurity Magazine?