Subscriber Data Stolen from Major Military Publisher in Recent Cyber Attack

Data Breach Exposes Highly Selective Group that can be used in Targeted Phishing Attacks on DoD/Government/Defense Contractors

Gannett Government Media, publisher of several high profile publications catering to the military and government sectors, has been the victim of a recent cyber attack. The publisher recently experienced unauthorized access to files containing information including first and last name, userID, password, email address, and customer numbers for its subscribers. Additionally, for some military subscribers, ZIP code, duty status, paygrade, and branch of service were accessed, if provided.

Well known titles published by Gannett Government Media include Army Times, Navy Times, Air Force Times, Marine Corps Times, Armed Forces Journal, Defense News, Intelligence, Surveillance and Reconnaissance Journal, Training and Simulation Journal, Federal Times, and EDGE Magazine.

Why is this more important than other recent breaches? Given the subscriber base of these publications, the data is potentially very valuable to adversaries and could be used to mount highly targeted, well-crafted spear phishing attacks on government and military personnel. It’s likely that the subscriber base includes a high concentration of individuals from the military, government agencies and defense contractors. Such targeted attacks are what contributed to recent high profile breaches at RSA, the IMF, and others. “A year ago a breach at Gannett would have been newsworthy. Today it is de rigueur — everybody expects it and accepts it,” said Dr. Anup Ghosh, Founder & Chief Executive Officer at Invincea. “Now if your breach doesn’t involve million users, e.g., Epsilon, or 100M users, e.g., Sony’s recent breaches, then it seems hardly newsworthy and people go back to their business,” Ghosh said.

Ghosh agrees that this breach may be a bit different in terms of fallout and opportunity to attack high value targets. “While the total number of customer data records compromised hasn’t been released, in the case of this Gannett Government Media breach, the subscriber base is military, retired military, defense contractor or other US Government personnel. As a result, it is a highly selective group that can be used in targeted phishing campaigns to get on DoD/Government/Defense contractor networks.”

Looking at the potential targets as a result of this breach, cybercriminals have an increased opportunity to target:

• American citizens – personally identifiable information (identities), financial information

• American government agencies – cyber espionage across all agencies, civilian and DoD

• American defense contractors – military advancements and secrets

• American corporations – Intellectual property

“What we are witnessing is the wholesale theft of a nation – the theft of American competitiveness on a global scale,” said Ghosh. “If you look at the news over the past 6 months, the pace of breaches seems to be growing exponentially. This is because the adversaries are essentially gaining unfettered access to our networks – we’ve sort of given up as an industry on prevention – focusing our attention on reactive security – they know this and are looking at this as an ideal opportunity to grab anything and everything they can get their hands on – and it appears they can get their hands on anything and everything.”

According to Ram Mohan, CTO at Afilias, when cybercriminals have enough detailed information, they can construct highly targeted phishing runs aimed at known customers of affected companies. “Many savvy net users have learned to be suspicious of emails beginning with ‘Dear Customer’ or other vague salutations, but these targeted ‘spear phishing’ attacks can look a lot more convincing. If you already have a business relationship with a company and you receive a realistic-looking email purportedly from that company, you’re a little more likely to believe the phisher’s overtures are genuine if they address you by name. Many of these recommendations may appear to be basic, but it is surprising how often they go unheeded, even in large enterprises,” Mohan adds. “Recently, court documents revealed that the publisher Condé Nast handed more than $8 million over the course of several months to a fraudster posing as a regular supplier. An employee was on the receiving end of an extremely targeted spear-phishing attack.”

What do we need to do?

“As a nation, we need to wake up and realize that our defenses are down and our IP and sensitive records are being leaked,” said Invincea’s Ghosh. “We need to emphasize proactive vs. reactive security strategies. We seem to have given up on the notion of prevention. Shrugging our shoulders as an industry when these breaches occur and focused our attention on post-facto identification of a breach. This is a defeatist mentality that does nothing to curb the problem. Simply knowing what was stolen does nothing to get the data back or undo the years – potentially decades worth of damage being done.”

According to Ghosh, the user is the common denominator in the vast majority of recent breaches, driven through spear phishing attempts, poisoned search engine results, compromised websites, etc. “To slow this down, we need to think about deploying solutions that are available today on a massive scale to protect the users when they are coming into contact with untrusted content from the Internet. We need to find a way to keep user mistakes from opening the network to breach – and advances in virtualization technologies make this possible today.”

Gannett Government Media said that no financial (e.g. credit or debit card) information was compromised, as financial information is stored on a completely different system. With headquarters in Springfield, Virginia, Gannett Government Media employs over 225 people worldwide.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
