The Guardian has confirmed that the December cyber incident was a ransomware attack in which malicious actors gained access to employees' data. Threat actors targeted the news organisation in December 2022, although the true scope of the attack was not made public until the second week of January 2023.
The attack has allegedly had an impact on some of the company’s IT infrastructure, according to The Guardian, whose media editor broke the news first.
In a message to employees, Anna Bateson, the CEO of Guardian Media Group, and Katharine Viner, the editor-in-chief, clarified:
There has been a serious incident which has affected our IT network and systems in the last 24 hours. We believe this to be a ransomware attack but are continuing to consider all possibilities.
Employees have been instructed to work remotely until further notice because, according to the publisher, there has been a disruption in its side activities. The company claims that online publication is mainly unaffected.
Sensitive data of staff in the UK was reportedly accessed in the attack, according to the London-based news company. At this point, no private or stolen information has been leaked online. With around 380 million monthly visitors, The Guardian is the seventh-most-read news website worldwide.
Attack Origin
It’s still unknown how The Guardian’s computer systems were compromised, and few details about the incident have been released. Joe Gallop, the intelligence analysis manager of Cofense, is investigating the issues facing the newspaper company for Global Magazine.
According to Gallop:
The attack on The Guardian, unfortunately, follows a familiar trend: threat actors most often use phishing as a preliminary step in multi-step ransomware operations, rather than a direct delivery mechanism for ransomware itself.
Phishing is a fraudulent technique used by attackers to get sensitive information by pretending to be a trusted source via email or another type of personal messaging.
It’s also unknown who executed the attack, and no significant ransomware group has yet claimed responsibility.
In addition, the CEO and Editor-in-Chief said:
We believe this was a criminal ransomware attack, and not the specific targeting of the Guardian as a media organisation. These attacks have become more frequent and sophisticated in the past three years, against organisations of all sizes, and kinds, in all countries.
Fast Company, a U.S. business journal, had its internal systems compromised in September, allowing hackers to send aggressive push alerts to Apple News subscribers.
According to Gallop’s recommendation:
Organisations must take the necessary steps to protect inboxes and detect threats. Adopting actionable intelligence that gives visibility into the risk factors in your network and responds to phishing threats immediately and decisively will help keep malicious actors at bay and ensure the protection of sensitive data.
The Guardian advised employees to create secure passwords and to change them regularly. The National Cyber Security Centre’s recommendation actually contradicts this practice: “Regular password change damages rather than enhances security”.