
Reading a newspaper. Image by Tim Sandle
In ‘news about news’, The Guardian has reported an IT incident, which has been declared a ransomware attack. The bastion of the new liberal media was hit by unknown actors during December 2022, although full details of the incident were not reported until the second week of January 2023.
The London-based news company says that the personal data of UK staff members has been accessed in the incident. The Guardian is the 9th most read news site in the world, with almost 390 million visits per month.
Looking at the newspaper group's problems for Digital magazine is Joe Gallop, intelligence analysis manager at Cofense.
Gallop begins by considering how and why the media is a cybersecurity target, stating: “Journalists and news organizations have become increasingly popular targets for cybercriminals in 2022. While details about the apparent ransomware attack on The Guardian are still emerging, there has been an ongoing effort by state-sponsored threat actors from North Korea, China, and Iran to gain access to journalists’ confidential information and restrict freedom of expression.”
It is possible that the origin of the attack came from one of these rogue states. Gallop continues: “Unfortunately, the Guardian attack follows a familiar trend: threat actors often use phishing as a preliminary step in multi-step ransomware operations, rather than a direct delivery mechanism for the ransomware itself.”
In terms of how such attacks can occur, Gallop offers: “Tools used to establish a widespread presence and deploy ransomware on the target organization’s network can be loaded via the phishing campaign’s malware payload, but only at the command of a human attacker after the automated phishing chain is complete.”
Expanding on the risk, Gallop adds: “Once inside, a threat actor can use any of a myriad of basic and custom tools to move laterally, escalate privileges, establish persistence, and deliver the final ransomware payload. By the time an actual ransomware binary is detectable within a target organization’s network, it may be too late to mitigate the impact.”
This finding connects to the steps that need to be taken, as Gallop observes: “Therefore, it is more important than ever to detect a ransomware operation at the phishing stage, even before it is identifiable as a ransomware attack.”
Gallop’s recommendation for similar businesses is: “To do this, organizations must take the necessary steps to protect inboxes and detect threats. Adopting actionable intelligence that provides visibility into risk factors in your network and responding to phishing threats immediately and decisively will help keep malicious actors at bay and ensure sensitive data is protected.”
