Three and a half years ago, The New York Times announced that their network had been breached in a targeted attack.
Today, CNN is reporting another breach of The New York Times, among other press outlets.
CNN’s report says that investigators are attributing these attacks to Russian sources, possibly in conjunction with the recent attacks against the Democratic National Committee (DNC). Sources have claimed that the DNC attacks were carried out by the same threat actors behind Operation Pawn Storm, a group we’ve been tracking since 2014.
While we don’t have research to share on whether this latest attack is part of Operation Pawn Storm or not, there’s a degree to which the attribution doesn’t matter: this latest attack against The New York Times by itself underscores the important fact that newspapers, journalists and the media now are high value cyberattack targets and they should assess their risk as such and take appropriate measures to protect themselves.
Ian Fleming’s character Auric Goldfinger once famously said: “Once is happenstance. Twice is coincidence. Three times is enemy action.”
If you count 2013’s attack against The New York Times, attributed to the Syrian Electronic Army, this recent attack is the third major cyberattack they’ve suffered. Under Fleming’s rule, we now have to consider cyberattacks one of the standard threats journalists and press face on a regular basis.
When you consider the state of press freedom worldwide, this isn’t necessarily surprising. The Reporters Without Borders/Reporters sans Frontiers (RSF) 2016 World Press Freedom Index tracked a decline in press freedom that is part of an ongoing decline since 2013 (the same year as the first two attacks against The New York Times). RSF doesn’t specifically track cyberattacks, but in general, increased malicious activity in the physical world also sees increased malicious activity in the cyber world. If press freedoms are under increasing attack worldwide, it makes sense that press and journalists are facing greater cyberattack than ever before.
Regardless of who is behind this latest attack, there’s a clear message to press and journalists worldwide: In today’s world, you face increased cyber risks and should take appropriate measures to protect yourself, your devices and your networks.
For individuals, this means ensuring that you’re using up-to-date devices and systems with mature security solutions on them. Be wary of attachments and links. Only install applications and apps from known, trusted sites (like Apple’s App Store or Google Play). And when dealing with sensitive information, be sure to use encryption.
For organizations, this means not only ensuring that your individuals are protected as outlined above, but that your network itself has protections that can detect potentially malicious activity using network-based heuristics and other more advanced techniques.
Most of all, though, the latest news means that press and journalists need to recognize that they face greater cybersecurity risks than most people and organizations and adjust their security posture accordingly.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.