Media agencies have become one of the major targets for cybercriminals. In recent times ransomware attacks on media agencies have been very common. LockBit ransomware gang attacked the Press Trust of India and due to the attack the agency was prevented from delivering news to its subscribers. The largest independent news agency in Denmark, named Ritzau suffered a ransomware attack that led to the compromise and encryption of more than one-quarter of its 100 network servers.
Apart from these direct attacks, cybercriminals have also misused the brand name of well-known media agencies to create fake identities, which are then used to target potential victims. The United States seized 27 domain names which were used byIslamic Revolutionary Guard Corps(IRGC) of Iran for carrying out covert influence campaigns, in which several domains purported to be genuine news outlets. A few days ago,TA416 APT was found carrying out spear-phishing attacks by imitating journalists from the Union of Catholic Asia News, attempting to target a range of victims, including diplomats in Africa and people in the Vatican.
Cybercriminals have attempted many times to exploit the trust of people in media agencies. So security experts have suggested having adequate security measures such as frequent data backups, anti-malware solutions, and implementing Domain-based Message Authentication, Reporting & Conformance (DMARC). Moreover, experts recommend conducting tests to identify and eliminate the risks of domain spoofing.