- Attacks on media groups have been multiplying, such as what happened with the Norwegian group Amedia last week, or with the group Impresa this weekend;
- Lapsus$ Group may have obtained private information after accessing misconfigured Amazon Web Services servers;
The incident that affected the Impresa group is the latest in a long list of cyberattacks on media, including newspapers, magazines, among others.
This type of attack is increasingly common and affects organizations of all sectors and sizes: cybercriminals – in this case, belonging to Lapsus$ – obtain private information from the media and take advantage of this data to start a process of blackmail, usually related to extortion of money.
After accessing the Impresa group’s Amazon Web Services servers, cybercriminals threatened to disclose the information obtained if the company did not make a payment, as indicated in a ransom note uploaded to Impresa’s websites. It should be noted that during this incident, cybercriminals also carried out defacing actions, a type of attack directed at a website, characterized by modifying its visual appearance.
This threat has multiplied in recent years with the emergence of several APT groups, such as those responsible for the incident involving Sony, which suffered a major security breach after falling victim to the North Korean group Lazarus in 2014, and of hacktivist groups, such as those that attacked Israeli media on the anniversary of Soleimani’s assassination.
It should be remembered that in recent months, targeted attacks against media groups have been observed: the ransomware attack against the Norwegian group Amedia (the second-largest media group in the country and one of the most important at the European level); the security incident in October that led to the leak of thousands of pieces of data from Twitch, a platform used by numerous media outlets to publish news or programs; the ransomware attack that same month against the American media group Sinclair, which led to television broadcasts being stopped; and the cyber-espionage operation against journalists with the Pegasus spyware.
The media are a basic pillar when it comes to keeping society informed about what is happening, and it is essential that they are well protected against cyber-attacks aimed at stealing information and demanding a ransom; inserting fake news or messages of hate and fear with repercussions on society; using the media to promote false businesses or activities (scams, phishing…); obtaining economic benefits, etc.
To avoid this type of attack, it is recommended that operating systems, computer antivirus, WAF, server security, etc. be kept up to date. the weakest link in organizations and is the gateway that allows these cyberattacks to happen.
There are different guidelines or recommendations that all professionals should follow to try to prevent these cyberattacks from occurring, regardless of the company’s area of activity or its size:
- Actions are recommended to make professionals aware of the potential cybersecurity risks they may face. Awareness-raising will help them receive training in security measures that prevent them from becoming victims of attacks, such as not opening attachments from unknown sources, not opening email messages marked as spam, not plugging unknown USB devices into computers, etc.
- It is recommended to have an EDR management service that can model the behaviour of this type of attack, in order to detect and remedy them at an early stage.
- Lifecycle management of vulnerabilities is recommended, which prevents their exploitation.
- Alert the security team to anomalous behaviour, both by the organization’s employees and by external people, including distributors.
- Avoid browsing untrusted web environments, even if the system is up to date and has antivirus software.
- Use Hypertext Transfer Protocol Secure (HTTPS) instead of HTTP.