By Ajay Unni
The recent attack on News Corp was carried out through what is known as Business Email Compromise (BEC), a common threat vector used by hackers to infiltrate a corporate network and gain access to valuable information.
Once hackers have access to your email, they can preview your most recent and historical conversations, and access the attachments and links within the email text.
Email compromise is very lucrative for hackers because they can view one-on-one conversations between individuals and groups. This puts them in a favourable position where they can see what their target is doing, similar to being on higher ground on a battlefield and being able to watch the enemy’s movements.
The attack may have been possible because News Corp did not have multi-factor authentication (MFA) on its internal email system, or potentially it was the work of a more sophisticated hacker who was able to compromise the MFA system itself.
MFA plays a crucial role in ensuring that the person trying to gain access to a particular system is who they claim to be. It provides a second layer of authentication on top of the username and password, for example a text message with a unique number, or a confirmation link sent via a mobile app to confirm authentication.
Organisations can quite easily implement MFA to create an additional level of assurance and security.
Training and awareness is another critical aspect that has historically been taken lightly across organisations. It requires some level of enforcement to ensure all staff have advanced knowledge of how to use corporate systems in a secure manner and are trained to identify threats.
Similar to the attack on the Nine Network last year, which was the largest cyber attack on a media company in Australia, a state actor has also been identified as the likely culprit in this incident. A key indicator is that no ransom was demanded, which wouldn’t be the case if it was a cybercriminal group.
Nation-state threat actors are typically government-sponsored groups that try to gain access to the networks of other governments to steal, damage or change information. Common culprits identified in the past have been China, Russia and North Korea.
Some notable attacks in the past, including the SolarWinds hack in December 2020 and the attack on the Democratic National Committee and members of the Hillary Clinton presidential campaign in 2016, have displayed various patterns of behaviour that allow us to identify which nation is responsible. For example, based on cyber attacks in the past, the Chinese Communist Party’s main motivation is to steal intellectual property, while the Russian intelligence agency is focused on its own foreign policy and disinformation campaigns. Therefore it isn’t surprising that the main suspect in this attack on News Corp is the Chinese government, seeing as it mimics their behaviour in the past, particularly when it comes to targeting media corporations or journalists.
About the author: Ajay Unni is a cyber-security expert and founder of StickmanCyber. This is an opinion column. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of this publication.