Gannett Government Media Websites Suffer Data Breach

By Author: eccuni
Total Articles: 211
Comment this article

Cyber-attackers target government and defense computer systems to gain access to classified information, which could compromise national security and also put critical infrastructure under risk. Threat to government and defense computer systems may arrive from rival intelligence agencies, activists, self-proclaimed Internet vigilante groups and cyber-attack groups. Cyber-attackers always strive to improvise their modus operandi to achieve their ends. Recently, various websites of Gannett Government Media Corporation suffered cyber-attacks resulting in disruption of access to users. The affected websites include military times, federal times, Gannett Government Media Corporation, and defense times. The company publishes military news such as those related to Army, Air Force, Navy, Marine Corps and National Guard and Reserve. Computer forensics professionals are reportedly investigating the security incident. Preliminary investigations suggest cyber-attackers were reportedly successful in gaining unauthorized access to documents containing first and last name, login credentials, e-mail address and internal numbers provided by ...
... Gannett. According to the company, some records may also contain information related to duty status, pay grade, service branch, and ZIP code. However, Gannett claims that financial remains of the users of the websites remain unaffected by the security breach.

The publication is likely to have military personnel as members. Cyber-attackers having access to extracted information may initiate sophisticated cyber-attacks to collect more privileged information form military and defense personnel. In the recent times, cyber-attackers have used spear phishing attacks involving misuse the collected information to masquerade as supervisors, subordinates or peers to defraud targeted individuals into sharing disclosed information. Late last year, several government officials including cyber security specialists received Christmas greeting card, which seemingly appeared to come from White House domain. The card was a malware aimed at stealing confidential data. More recently, Google reported attempts to compromise e-mail accounts of U.S government officials by misusing the forwarding feature in Gmail. The purpose again was to access sensitive information that attackers may use to launch more sophisticated attacks. Google alleged that a nation state was behind the attack. Sophisticated attacks make it inevitable for cyber security professionals to constantly upgrade their skills by undertaking security certifications and online university degree programs.

Affected members must immediately change their passwords on the affected websites and other online sites, wherein the same login credentials are used. Use of strong and unique passwords is the basic but often ignored aspect of cyber security. Attackers having access to login credentials of one user account, may attempt to gain access to other online accounts of the affected user through brute force attacks.

Security awareness training programs, e-flyers and e-tutorials may help Internet users in keeping themselves updated of security threats and precautionary measures. Employees may take advantage of the online degree programs to improve cyber security awareness and gain insights on information security practices.

Cyber-attackers may exploit SQL injection vulnerabilities to gain access to associated databases of websites and steal, alter or damage sensitive information stored on them. Attackers may also exploit cross-site scripting and other websites. As such, regular scrutiny of websites is crucial to detect and mitigate vulnerabilities before their exploitation by attackers. Professionals qualified in masters of security science, secured programming, and penetration testing may enable organizations in making proper threat assessment and initiating corrective action.