Certainly the cyberattacks or data breaches involving individual members of the media or media outlets aren’t as widespread as those in the banking or insurance industries. However, I’ve begun to notice an increase in the reports of incidents involving journalists and other media personnel.
For example, in March, Kara Reeder wrote of the Yahoo accounts of journalists in China that were hacked. In February, British journalists fell victim to a Twitter phishing attack.
Today on my Twitter feed, a message came through from F-Secure that read:
A targeted attack that plays on your desire for good PR.
F-Secure found a new malicious XLS file containing information on media personnel from around the world. F-Secure reported:
When the file is opened, it exploits a vulnerability in Excel. The vulnerability executes a piece of embedded code that drops several new executables to hard drive and launches them. The executables contain a backdoor that gives the attacker full access to data on the target’s computer.
While F-Secure stated the relevance of using journalists’ names is unknown, the screen shot of the XLS file shows a media list that would interest company communications directors or others within an enterprise wishing to reach out to a broader audience.