With The War In Ukraine, Broadcasters’ Cyberattack Risks Rise

About a month ago, a cyberattack caused an outage for PressReader, the Canadian software firm that supports more than 7,000 digital publications worldwide. Company clients include notable titles such as The New York Times, The Washington Post and the Las Vegas Review-Journal. The attack came soon after Russian forces began attacking Ukraine. A notice to subscribers of the Denver Gazette and the Colorado Springs Gazette, two other papers whose digital editions are supported by PressReader, included speculation that the outage was related to PressReader’s decision to provide free access to content for those in Ukraine and would “absorb the cost paid to publishers until further notice.”

Around the same time, a satellite network owned by U.S.-based Viasat was taken out of service by an attack which crippled modems “from Poland to France.” It didn’t take long to detect the intrusion because it disabled “remote access to thousands of wind turbines in central Europe.” While the company declined to comment on responsibility for the incident, officials in Ukraine blamed Russian state-sponsored hackers.

Media and entertainment companies tend to be priority targets for cyber criminals; the ability to distribute news, information and entertainment to large audiences is only one of the reasons. Other factors include:

• The 24/7 content model — programming companies lose advertising and/or subscription revenue each minute they are down.
• Big budgets for production provide the perception of access to sizeable sums to pay ransoms.
• Large numbers of third-party vendors multiply the number of network access points.
• And the move to interconnected digital technologies — everything from content distribution to commercial insertion — introduces additional vulnerabilities.

The world’s response to the Russian invasion of Ukraine seems to have intensified the risk. When Russian fighters first crossed into Ukraine, experts predicted that cyberattacks would be a big part of the Putin-led country’s strategy. Yet, other than the incidents at PressReader and Viasat, there has been little, if any, news of attacks originating from Russian-sponsored hackers.

On the other hand, those sympathetic to the Ukrainian cause are going after Russia and Russian companies with a vengeance. Yahoo Finance reports that hacker group Anonymous leaked the personal data of 120,000 Russian soldiers. And, NBC News reporter Kevin Collier writes that an organization called Distributed Denial of Secrets is being overrun by files “hacktivists say they’ve stolen from Russian banks, energy companies, government agencies and media companies.”

We already know that media businesses are an attractive target for cyber criminals; recent history just reinforces that conclusion. In the last year alone we’ve seen reports of hacks on Cox, News Corps’ journalists’ emails and Sinclair Broadcast Group.

While it’s not clear how long the cyber criminals had access to the Sinclair network, the speculation is that “they could have lingered inside the system anywhere from several days to several months.” That’s not unusual. Cyber consulting firm Centripetal’s Byron Rashed used data from 2020 to assert that “it takes an average of 224 days to identify a breach” in the United States. (This is about two weeks longer than the global average.)

Now, consider that Russia is a country that likes to control the message. It’s also a country facing unexpected resistance to its attack on Ukraine. We’ve already seen evidence of Russia state-sponsored interference in recent elections; keep in mind that the U.S. has midterm elections scheduled for the fall.

Additionally, the combination of sanctions and the cost of war must be taking a toll on the Russian economy. These are all good reasons to assume that there is someone sympathetic to the Russian cause looking to attack a U.S. media company for financial or ideological reasons.

It seems that it is not a question of whether hackers, regardless of their motivation, are going to target U.S. media businesses, it’s when. Unfortunately, “when” may be now and you just haven’t detected them.

Former president and CEO of the Media Financial Management Association and its BCCA subsidiary, Mary M. Collins is a change agent, entrepreneur and senior management executive. She can be reached at [email protected].