3x Expert Comments - The Guardian Attack
December 2022 by cyber security experts
Following today’s news that The Guardian has been hit by a cyberattack, potentially of the ransomware kind, leading to staff members having to work from home, Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, Dr Darren Williams, CEO of Blackfog, and Stephen Gates, Security Evangelist at Checkmarx, comment:
Joseph Carson, Chief Security Scientist and Advisory CISO, Delinea
“Although the confirmation of a ransomware attack is still to be officially made, the first major concern that comes to mind in relation to the IT incident reported at The Guardian is the growing target rate against national and international media outlets. Such publications are ideal victims for attackers due to the high resonance and large-scale disruption they can potentially cause. Cyber-attackers thrive in disrupted environments, as people are distracted and their guards are low, particularly during a holiday season.
In any case, what is happening at The Guardian is an important reminder to be Incident Response Ready. Organisations need to have a solid backup and recovery strategy that includes ransomware mitigation, along with strong identity and access security controls. Once access into a system is gained by attackers, it is only a matter of time before ransomware is deployed.”
Dr Darren Williams, CEO and Founder of Blackfog
“As we head into the holiday season and people start to take well-deserved time off, an increase in cyberattacks is unfortunately expected. Cybercriminals certainly don’t take a break over the holiday season, as is evident by today’s news about The Guardian.
Whilst there are many unknowns about the suspected ransomware attack on The Guardian, we can be confident that data exfiltration was the motive for the attackers.
Whilst we are glad to hear the publishers will continue to operate and publish the paper in the run-up to the holidays, it’s the aftermath of the cyberattack that is cause for concern. With virtually all new attacks focussing on data exfiltration to extract valuable data for extortion, the damage is often unknown for quite some time. We may be well into the New Year before we know the extent of the fallout.”
Stephen Gates, Security Evangelist, Checkmarx
“Although there are lots of possible reasons why a ransomware attack may have been successful, one cannot discount weak application security as a major enabler. Once an application is exploited and attackers gain access, or even take over a frontend, locking down and encrypting backend resources is an easy thing to pull off. Since most applications are obviously exposed to the internet, they make a great launching point for these types of attacks. If I were The Guardian, I would look to an exploitable vulnerability in an application as being a possible entry point. This also highlights the need for better software composition analysis and supply chain attack intel if open source was a potential cause.”