Dig­i­tal Shad­ows re­leases ‘Shoot­ing the Mes­sen­ger’

Kuwait Times - - TECHNOLOGY -

Dig­i­tal Shad­ows, a provider of cy­ber sit­u­a­tional aware­ness, re­leased its Shoot­ing the Mes­sen­ger: Un­der­stand­ing the Threats to the Me­dia and Broad­cast­ing In­dus­try re­port which re­vealed that rev­enue gen­er­at­ing web­sites are a threat to me­dia busi­nesses’ bot­tom line and are in­creas­ing with malver­tis­ing, ex­tor­tion, pro­pa­ganda, ac­count take over and data leak­age be­ing the most com­mon at­tacks tar­geted to­wards me­dia and broad­cast or­ga­ni­za­tions.

The Dig­i­tal Shad­ows re­port fur­ther re­vealed that the in­se­cu­rity sur­round­ing In­ter­net of Things (Iot) de­vices, such as WiFi-en­abled cam­eras, sur­veil­lance sys­tems, light­ing, and even fridges, is pre­sent­ing cy­ber­crim­i­nals and hack­tivists with more op­por­tu­ni­ties to tar­get me­dia and broad­cast or­ga­ni­za­tions. The re­port fur­ther re­vealed that as the me­dia and broad­cast­ing in­dus­try are in­creas­ingly con­duct­ing more busi­ness on­line as a grow­ing de­mand from cus­tomers, there are pro­jec­tions of rev­enue in­creases of $100 bil­lion by 2020 but the threat of hav­ing their web­sites forced off­line and be­com­ing un­avail­able to cus­tomers rep­re­sents a se­ri­ous busi­ness risk.

“At­tacks can ei­ther be op­por­tunis­tic in na­ture, whereby a threat ac­tor will tar­get an or­ga­ni­za­tion hav­ing dis­cov­ered a par­tic­u­lar soft­ware vul­ner­a­bil­ity on a public-fac­ing site, or more tar­geted as the or­ga­ni­za­tion may hold par­tic­u­larly sen­si­tive or lu­cra­tive in­for­ma­tion that can be used for a va­ri­ety of ma­li­cious uses. Broad­cast­ing ser­vices rep­re­sent po­ten­tially worth­while tar­gets as they of­ten hold ex­ten­sive per­sonal de­tails about their cus­tomers, such as names, dates of birth, phys­i­cal ad­dresses and pay­ment in­for­ma­tion,” said Chris Brown, VP EMEA, Dig­i­tal Shad­ows.

The re­port fur­ther re­vealed that by their very na­ture, news sites at­tract large amounts of traf­fic. While this is great for their busi­ness mod­els, it makes them an at­trac­tive tar­get for malver­tis­ing, which is of­ten used as a vec­tor to com­pro­mise users who visit le­git­i­mate web­sites. Be­cause ad­ver­tis­ing con­tent can be in­serted into high pro­file and rep­utable web­sites, malver­tis­ing pro­vides on­line crim­i­nals with an op­por­tu­nity to push their at­tacks to web users who might not other­wise see the ad­ver­tise­ments, due to the use of fire­walls or other safety pre­cau­tions. The ‘Shoot­ing the Mes­sen­ger’ re­port fur­ther re­vealed a dif­fer­ent ap­proach to cy­ber­at­tacks - ty­posquat­ting - where at­tack­ers use do­main names that are sim­i­lar to launch a wide va­ri­ety of on­line fraud in­clud­ing phish­ing cam­paigns. Chris Brown fur­ther added, “Given the avail­abil­ity and low bar­ri­ers of en­try to lever­age Ddos tools, one can ex­pect both the fre­quency and size of Ddos at­tacks to in­crease. How­ever, Ddos at­tacks are only one piece of a far larger threat land­scape for me­dia or­ga­ni­za­tions.

Iot bot­nets have also demon­strated the ca­pa­bil­ity to launch high vol­ume de­nial of ser­vice at­tacks and de­spite in­creas­ing aware­ness, the se­cu­rity of Iot de­vices is likely to re­main an is­sue for the fore­see­able fu­ture as a grow­ing num­ber of In­ter­net-fac­ing prod­ucts are in­se­curely brought to the mar­ket and threat ac­tors develop ways to ex­ploit them. Se­cu­rity pro­fes­sion­als must un­der­stand the other threats that pose risks to their in­dus­try in­clud­ing malver­tis­ing, ex­tor­tion and data leak­age and by un­der­stand­ing these threats, as well as the ac­tors be­hind them, me­dia and broad­cast­ing com­pa­nies can bet­ter se­cure them­selves and their cus­tomers.”

Email ad­dresses of me­dia and broad­cast­ing or­ga­ni­za­tions have also been leaked through other breaches. In a re­cent Dig­i­tal Shad­ows re­port that an­a­lyzed the ex­tent of cre­den­tial com­pro­mise from the world’s big­gest 1,000 com­pa­nies, many leaked cre­den­tials were dis­cov­ered. By an­a­lyz­ing nearly 30,000 claimed breaches, dis­cov­ered across paste sites, crim­i­nal fo­rums and dark web sources, we dis­cov­ered over 935,870 email and pass­word com­bi­na­tions for the me­dia and en­ter­tain­ment in­dus­try. The top breaches were, some­what un­sur­pris­ingly, so­cial me­dia plat­forms. In­deed, Mys­pace, LinkedIn, and Tum­blr breaches were re­spon­si­ble for a re­spec­tive 41, 14 and 3 per­cent of the to­tal leaked cre­den­tials.

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.