Publishers of all sizes have been warned after cyberattacks took over the email accounts of senior staff at British publishers.
The warning comes as The Washington Post investigated a similar attack on email accounts of journalists, with an intrusion discovered in June, and all staff passwords reset as a precaution.
In at least two separate attacks in Britain, cybercriminals have taken over the accounts of editors at business publications, with the accounts used to send out bogus ‘Request for Proposal’ documents to ensnare their contacts.
Cyber experts have warned that criminals may be setting their sights on British publishers after a spate of attacks targeting retailers such as Marks & Spencer and Co-op.
In 2023, 61 media groups were targeted by cyberattacks, up from 50 in 2022, with ‘Advanced Persistent Threat’ groups (often government-backed hackers) more likely to target journalists due to the high intelligence value of their information, according to Gatewatcher security.
Phishing remains the most common method of attack, with media groups targeted both by ‘hacktivists’ and for-profit ransomware gangs.
In an attack on Haymarket, a suspected cybercriminal took over an editor’s email account and began sending ‘sales emails’ to business contacts with links to download files.
The account replied to correspondence to say that the emails were not dubious and that the recipients should go ahead and download files.
Hackers have targeted book publishers in the UK in recent months, with ransomware attacks on printer CPI, Cambridge University Press and The Agency.
Cybercriminal gangs tend to target industries in certain countries, as the techniques required to take over one retailer (for example) can then be used on others. British retailers Marks & Spencer and Co-op have both been hit hard in recent months.
Matt Middleton-Leal, managing director EMEA at cybersecurity firm Qualys, which spotted the attacks, said media companies make tempting targets for cyberattackers.
Middleton-Leal said: “Media companies are trusted organisations – editors and journalists interact with brands and contacts all the time, and they are normally trusted in those interactions.
“So stealing an editorial staffer’s email address and sending links to downloads is potentially a valid route to get into further potential targets. Those staff also have to deal with a lot more potential contacts in their roles, so they have to be on the look-out for potential attacks across a lot more contact messages compared to the majority of employees.
“Those editor accounts might be in touch with marketing companies, with PR firms, and with other commercial partners. Each of those contacts might be a significant brand with cash on hand to pay ransoms, or they may also have information that is valuable enough to steal and then ransom or sell on.”
The current attacks could be a warning sign for publishers in the UK, Middleton-Leal said.
“We saw the retail sector hit with multiple large firms in the UK affected, followed by the same campaign being deployed in the US to target retailers there; now it seems like firms in the insurance sector are being targeted more heavily. So this could be a sign that the media sector is going to be targeted as well.”
Middleton-Leal said that basic cybersecurity measures pay dividends, even for small publishers that may have lean IT teams.
Keeping systems up to date and implementing multi-factor authentication (so that users have to authenticate via a phone app or text message) can often be enough to keep cybercriminals out, Middleton-Leal advised.
“Those working in the media and marketing sectors may be less likely to spot more sophisticated scams, but the ones that we have seen so far this year are quite simple.
“Nevertheless, any organisation can be hit in an attack like this, from larger media companies that have thousands of staff through to smaller publishers that have a few or tens of staff.”
[Read more: How publishers should respond to a deluge of news industry cyberattacks]
Email pged@pressgazette.co.uk to point out mistakes, provide story tips or send in a letter for publication on our "Letters Page" blog
