For media and broadcasting organizations, the threat of having their websites forced offline is a significant one. We looked beyond DDoS to understand the threats to broadcasting and media organizations in 2016 and outlines steps they can take to prevent and mitigate potential threats.
While IoT botnets can act as a force multiplier for otherwise ineffective hacktivist campaigns (such as OpSilence and OpClosedMedia), DDoS attacks are only one piece of a far larger threat landscape for media organizations. Security professionals must understand the other threats that pose risks to their industry, including extortion, propaganda, malvertising and leaked data. By understanding the actors targeting your organization – as well as the tools they are using – organizations can take a more proactive approach to security.
Figure 1: Top 5 Threats to the Media and Broadcasting Industry
Aside from DDoS, one threat media organizations should consider is malvertising. “Malvertising” is the use of online advertising to spread malware and is often used as a vector to compromise users who visit legitimate websites. Malvertising spreads most readily as a result of users utilizing out-of-date software that can be compromised by clicking a link to a malicious website. Because advertising content can be inserted into high profile and reputable websites, malvertising provides online criminals with an opportunity to push their attacks to web users who might not otherwise see the advertisements, due to the use of firewalls or other safety precautions. Some of the most popular websites for this are news sites. An example of an actor targeting media organizations is AdGholas, which exploited a critical remote code execution vulnerability in Internet Explorer.
Other substantial threats to the media and broadcasting industry include data breaches account takeover. Over the last four years, there have been numerous cases of media and broadcasting organizations undergoing breaches and these are outlined below. In addition to these, there are also third party breaches that impact your organization. For the world’s biggest 1,000 companies, those organizations in entertainment industry saw the exposure of nearly 1 million email and password combinations. These can be used in account takeovers, spam campaigns and for credential stuffing.
Organizations should look beyond the risks associated with availability of services and also consider the threat posed by extortion, propaganda, malvertising and leaked data. By understanding these, media and broadcasting companies can better placed to secure themselves and their customers.
To learn tips to avoid cyber attacks in the media and broadcasting industry, check out the 1 page report below.
To get the latest in cyber threat intelligence and digital risk management, subscribe to our threat intelligence emails here.