Cyber security expert expounds on the News Corp cyber attack

The attack on News Corp was carried out through Business Email Compromise, a common threat vector that hackers use to infiltrate a corporate network and gain access to valuable information.

Once hackers have gained access to your email, they can view your recent and historical conversations, including the attachments and links within the email text.

Email compromise is lucrative for hackers because they can view conversations between individuals. This puts them in a favourable position from which they can see what their target is doing, similar to holding higher ground on a battlefield and being able to watch the enemy’s movements.

MFA unavailability might have been a cause

The attack may have been possible because News Corp did not have multi-factor authentication (MFA) on its internal email system, or it may have been the work of a more sophisticated hacker who was able to compromise the multi-factor authentication system itself.

MFA helps ensure that the person accessing a particular system is who they claim to be. It provides a second layer of authentication on top of the username and password, such as a text message with a unique number or a confirmation link sent via a mobile app.

Firms can quite easily implement MFA to create an added level of assurance and security.

Training and awareness should be a priority

Training and awareness are critical, yet historically they have been taken lightly across organisations. Some enforcement is required to ensure all staff have advanced knowledge of how to use corporate systems securely and are trained to identify threats.

As with the Nine Network attack, which was the largest cyber attack on a media company in Australia, a state was identified as the likely culprit in this incident. A key indicator was that no ransom was demanded, which wouldn’t be the case if it was a cyber criminal group.

Nation-state threat actors are typically government-sponsored groups that try to gain access to the networks of other governments in order to steal, damage or change information.

Common culprits identified in the past have been China, Russia and North Korea.

Notable attacks like the SolarWinds hack in December 2020 and the attack on the Democratic National Committee and members of the Hillary Clinton presidential campaign in 2016 have displayed various patterns of behaviour that allow us to identify which nation is responsible.

Based on past cyber attacks, the CCP’s main motivation is to steal intellectual property, while the FSB is focused on its own foreign policy and disinformation campaigns.

The main suspect in the News Corp attack is the Chinese government, as the attack mimics its past behaviour, particularly when it comes to targeting media corporations or journalists.

Ajay Unni is the Founder of StickmanCyber, a business that helps companies mitigate their cyber-security risks. Ajay named the company after the countless stick figures he used in flow charts throughout his years in the software and cyber-security industry.