
Iranian Hackers Behind Cox Media Group Ransomware Attack

 

Iranian hackers were behind the ransomware attack that disrupted Cox radio and TV stations' IT systems and live streaming earlier this year, according to The Record. 

The attack was carried out by a threat actor known as DEV-0270, which has been linked to many incursions against US organizations this year that resulted in the deployment of ransomware. While the Cox Media Group's infiltration was discovered on June 3 when the attackers used ransomware to encrypt some internal servers, the group had been breaching and hiding inside the company's internal network since mid-May. 

The attack did not affect all Cox Media Group radio and television stations, but it did disrupt certain stations' capability to broadcast live feeds on their websites. Initially, the Cox Media Group attempted to downplay the incident. 

Local reporters who used Twitter to convey information about the ransomware attack were admonished and forced to withdraw their posts. However, four months later, in October, the corporation finally confirmed the incident, although without disclosing any details about the Iranian hackers. 

The disclosure that Iranian hackers were behind the Cox attack comes less than a month after the US Department of Justice charged two Iranian citizens with various hacking-related offenses in November. One of them was for compromising a US media firm with the goal of disseminating false information about the legality of the US 2020 Presidential election via its website. 

Lee Enterprises, which owns the Buffalo News, the Arizona Daily Star, and the Omaha World-Herald, was eventually confirmed as the company. According to a Microsoft threat intelligence analysis of the group, DEV-0270 has previously engaged in both information-collection operations and financially motivated attacks, which obscures the true reason behind the recent Cox ransomware attack. 

The strategy of delivering ransomware on the networks of large corporations was first detected in late 2016 in attacks by Iranian hackers, namely the SamSam group. Their strategy of focusing on large businesses rather than end-users was later adopted by the majority of ransomware threat actors, and is now known as "big-game hunting." 

Since then, the majority of ransomware attacks have been attributed to Russian-based groups; however, certain ransomware cases have also been linked to members of state-sponsored espionage groups operating in Iran, China, and North Korea in recent years. 

These groups used ransomware on the networks of some of their victims as a path to monetize compromised companies with no intelligence-collection value or to hide intelligence collection behind a more generic ransomware issue that wouldn't prompt a more in-depth examination. 

Cox Media Group spokespersons did not respond to inquiries for comment on the incursion in May and June.

Hackers Reportedly Target Cox Media Group Stations



Cox Media Group, one of the largest media conglomerates in the United States, had to take down its live streams for television and radio stations earlier today. According to sources, the attack has been deemed unprecedented, and as a result Cox Media programs were inaccessible across the country. 

The Cox Media Group owns 33 television stations in 20 markets, 54 radio stations in 10 markets, various multi-platform streaming video services, and several digital platforms. The TV stations, in markets like Pittsburgh; Boston; Dayton, Ohio; Seattle; and Tulsa, Oklahoma, are a mixture of major network affiliates such as ABC, CBS, FOX, and NBC. 

A report published by Inside Radio disclosed the technical details of the attack. It stated that the attack took place on the morning of June 3 and crashed the internal networks and streaming capabilities, including the mobile apps and web stream properties. However, the official websites of Cox Media and several programs kept running without any harm, although some programs had to be rescheduled.

“This morning we were told to shut down everything and log out our emails to ensure nothing spread. According to my friends at affiliate stations, we shut things down in time to be safe and should be back up and running soon,” a Cox employee shared with the media. 

Notably, the incident didn’t impact traditional pay-TV feeds for the channels. Meanwhile, Dish Network reported that its network had not experienced any issues related to the ransomware attack so far. Dish Network is the broadcaster that made a deal with Cox Media for about 14 channels in December 2020. 

Deputy National Security Adviser Anne Neuberger on Thursday issued an open letter requesting that organizations take security precautions against ransomware attacks. 

Nowadays, many tech giants and several cybersecurity firms are taking ransomware attacks far more seriously; still, the gaps in prevention persist.