
Organized crime and state-sponsored bad actors pose a real risk, but simple measures help safeguard systems

By Gretchen A. Peck

While Editor & Publisher was speaking to news publishers about their cybersecurity concerns in preparation for this feature, several significant events unfolded. Russia went on the offensive against Ukraine, invading the country and launching a war of choice.


At deadline, Russia’s war-crime-mounting offensive was beginning its fourth horrific week, threatening to further destabilize the European continent and draw in the rest of the world, especially allied NATO nations. The televised and tweeted war put on worldwide display the bravery of journalists and the vital nature of information, especially in dire situations. At press time, three journalists have been killed reporting on the war.

On March 14, 2022, international news outlets reported that Israel’s government systems had been disrupted by a cyberattack — a “distributed denial of service” or “DDoS” attack. These aren’t particularly sophisticated hacks; they occur when the volume of traffic overloads servers. The source of the attack, if known, wasn’t disclosed, but news agency Haaretz reported that Israel’s ministries of health, justice and welfare were impacted.

What it meant for the public: every government site with the gov.il extension was out of service for over an hour, The Times of Israel reported that same day.

The Federal Bureau of Investigation (FBI) categorizes a number of cybercrime threats, from business email hacks to identity theft, spoofing and phishing scams, and ransomware.

Cybercrime recently came to the digital doorsteps of news publishers worldwide when PressReader, the digital supplier of more than 7,000 international magazine and newspaper titles, was hobbled by a cyberattack.

In the days following the outage, the developer reported, “We can now confirm that the network issues we experienced were caused by a ransomware attack. Immediately upon detection, our team implemented a comprehensive response plan to assess the threat and respond accordingly. As a defensive measure, we disabled certain administrative and public-facing systems, which included taking Branded Editions sites and apps, as well as PressReader, offline.” The company added that they had no evidence that any customer data was compromised nor that partner systems were impacted.

As our April issue was in production, “An Update On the Release of New Content” ran in stark white text across a black background on PressReader’s site. Thankfully, it reported that content processing was “fully operational, with all newspapers and magazines we have received from publishers since March 6 now published.” Still, they were in the process of restoring other issues and noted that readers may find the reading experience inconvenienced by “minor issues with Text View and Listen functionality.”

“We’re still working hard on getting operations up and running,” a company spokesperson told E&P.

The PressReader attack, the disruption in Israel, and the start of a war being waged by one of the world’s most notorious state sponsors of cyber warfare all came within just a month’s time. If you’re getting the feeling that cyberattacks are occurring more frequently and hitting closer to home, you’re not wrong.

Daniel Tobok is the CEO of Cytelligence, one of the largest forensics and cyber-incident firms in North America. In 2020, the company was acquired by Aon. “We handle, on average, about 100 investigations per month, from ransomware to theft of intellectual property and extortion,” Tobok said.

Tobok also reported that attacks on media companies are escalating.

“Before the Ukraine-Russia conflict, they were about 5% of the crimes, but we’ve seen double-digit growth in [attacks on] news outlets and various media firms from what I call, ‘undetected sources,’” he explained.

It’s hard to pinpoint whether cybercriminals strategically target media companies or whether the criminal net is just so widespread that it ensnares news outlets almost incidentally. But news businesses around the world have found themselves on the receiving end of hacks, breaches and ransomware demands, perhaps the most insidious of them all.

(Image caption: As the E&P April issue went into production, this message appeared on PressReader’s site after a cyberattack hobbled their operations and those of more than 7,000 international magazine and newspaper titles.)

In January 2022, Amedia, a Norwegian news company, disclosed it had suffered a cyberattack that shut down its subscription and advertising systems in late 2021. “On the night of Tuesday, December 28, several of Amedia’s central computer systems were shut down. The production of online newspapers is going as normal, but no paper newspapers will be published on Wednesday. This is because systems for publishing paper newspapers, advertisements and subscription management do not work as normal,” the company said in a statement.

In early February, News Corp reported that its email systems had been hacked, citing China as the culprit. Jim Waterson, media editor at The Guardian, reported, “The cyber-attack affected a limited number of individuals working for outlets including News UK — the publisher of the Times and the Sun — as well as the Wall Street Journal and the New York Post.”

Waterson had access to an internal News Corp email that described the attack as a “persistent nation-state attack,” he disclosed.

The year before, in June 2021, ABC-affiliated TV stations in Orlando, Florida; Charlotte, North Carolina; and Pittsburgh — owned by Cox Media Group — were knocked offline by a possible ransomware attack, though Cox Media didn’t disclose the nature of the attack to the press.

Reporter Amiah Taylor explained ransomware — aptly named because it holds data hostage — in a February 17, 2022 article for Fortune.com. She cited research by SonicWall, an internet cybersecurity company, and its 2022 Cyber Threat Report, which offers some alarming statistics about ransomware attacks, in particular.

“Governments worldwide saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021,” Taylor summarized the report.

“Ransomware also rose 104% in North America, just under the 105% increase worldwide,” the study indicated.

Naturally, news publishers — E&P’s readers — are concerned about what it might mean for their organizations in the future and if they’re well-guarded against cybercrimes.

BEING PROACTIVE IS A MAKE-OR-BREAK MEASURE

“Ransomware has become the weapon of choice for various threat actors around the world,” Cytelligence’s Tobok told E&P.

Tobok said that two factions most often commit cybercrime: organized crime and state-sponsored criminals. The state-sponsored threats are primarily coming from Russia, Ukraine, China, North Korea, and lately, areas of the Baltics, he noted.

“It’s a fairly easy crime to commit,” he continued. “It’s low cost, and the profits are extremely high. To give you just a little bit of a fun fact, North Korea, in 2021, collected about $5.6 billion in proceeds from ransomware crime. When you think of a place like North Korea, which doesn’t really have anything to export, yet they’re able to generate $5.6 billion on this, you can understand why it’s attractive to criminals.”

Besides the financial motives, there are the strategic motivations that should concern news publishers, as well.

“What we’re seeing, especially when we get conflicts around the world and the geopolitical climate changing, they’re doing this in order to cause disruption,” he explained. Typically, the crooks are on the hunt for money, but some also steal data. Only a deep-diving forensic investigation can reveal whether data has been compromised, Tobok noted.

(Image caption: Daniel Tobok, CEO of Cytelligence)

In the aftermath of an attack, victim companies will have two primary paths to take — “civil” versus “criminal,” Tobok calls them. On the civil side, the organization will need to investigate the breach, learn how hackers got in, make sure those doors are permanently closed and then endeavor to repair and restore systems.

As they go down the criminal path, the “three-letter agencies” get involved, and Cytelligence has relationships with all of them, Tobok said. A criminal investigation will be more concerned with saving “artifacts” that provide clues to the origin and scope of the crime.

“When we come across a client that has been hacked or breached, our first and foremost activity is preservation,” he said. “That takes a little bit of time. We preserve all the artifacts in a forensically sound manner and only then are we able to put the puzzle back together.

“But unlike the crime-scene investigations you see on TV — I have to warn you — we’re not as good-looking, and we don’t walk around in white coats and solve the crime in 28 minutes,” he quipped.

In other words, it can take a while.

“I chuckle sometimes when there is a national incident and some so-called cyber expert goes on TV and declares, six hours after the incident, that they know where the guys are from. It’s impossible,” he noted.

Tobok added that the origins of an attack are revealed only about 25% of the time, because cybercriminals have become adept at using spoofing and phantom servers.

Asked how news publishers might better protect themselves, Tobok offered some sage advice:

• Be proactive. Engage a cyber expert who can guide you and test your systems.
• Be cognizant that the way cybercriminals get into systems can be innocuous, often by way of a phishing email to an employee or someone with administrative access. Educate your team about the risks and red flags.
• Do periodic assessments of your systems and challenge them with mock hacks.
• Make sure your entire staff is using complex passwords and authentication solutions.
• And the most important tip of all: Encrypt your data.

“When threat actors come across a server that’s encrypted, they will actually not touch it. It’s wasting their time, and for them, time is money,” he said.

“The doom and gloom is — it is happening, and it is real,” Tobok stressed to E&P readers. “It’s not a question of if, but when. The good news is, by being proactive, you can minimize your chances of being breached, and that’s critical.” 

Gretchen A. Peck is a contributing editor to Editor & Publisher. She’s reported for E&P since 2010 and welcomes comments at gretchenapeck@gmail.com.
