Cyberattack Affects Operations at Slovenian TV Channel
Cyberattack Affects Operations at Slovenian TV Channel
This Is 3rd Attack Against a European Media Company in 3 Months
Soumik Ghosh • February 14, 2022
Credit Eligible
Cyberattack Affects Operations at Slovenian TV Channel
Pro Plus channels and websites. (Photo: Pro Plus website/CC)
Slovenia's top private TV channel, Pop TV, was hit last week by an "intrusion into the media company's computer system," its parent company, Pro Plus, said in a statement.
See Also: Live Webinar | How to Stop the Four Horsemen of the Data Loss Apocalypse
Following the disclosure, the Slovenian Computer Emergency Response Team, or Sl-CERT, said that the country's National Cyber Security Response Center is working with Pro Plus, but did not reveal any further details.
In an update released Thursday, the company spokesperson says: "We cannot yet estimate the full extent of the attack, we are currently focusing all our efforts on putting our main systems back into their original operation as soon as possible, which will enable the smooth operation of television programs and websites."
Although Pro Plus says its on-demand TV programs are back on the air, availability of its websites is limited. The company says that it is unable to air live broadcasts and sports matches or upload new and missed content to its video library.
Pro Plus and the Sl-CERT have not yet responded to Information Security Media Group's request for additional information on the attack vector and the possibility of the incident being a ransomware attack.
European Media Firms Under Attack
The cyberattack on Pro Plus is the third major cyberattack to disrupt operations in a European news and media outlet in the past three months.
In January, the Lapsus$ ransomware group allegedly conducted a ransomware attack on Portugal's largest media conglomerate, Impresa Sociedade Gestora de Participacoes Sociais SA.
The cyberattack knocked the country's most popular TV channel, SIC, off air and halted operations at Portuguese newspaper Expresso.
Preceding the Portugal incident, on Dec. 28, a ransomware attack affected Norwegian newspaper Amedia. Like the Pro Plus and Expresso attacks, the incident caused Amedia to shut its presses. (See: Ransomware Attack Forces Norway Newspaper to Shut Presses)
A senior intelligence analyst at the Security Operations Planning and Management unit of the North Atlantic Treaty Organization, Dino Mora, tells ISMG that as the attribution for the cyberattack on Pro Plus hasn't been confirmed yet, he cannot comment on whether the incident has any relation to the current geopolitical situation in Eastern Europe.
But in the recent past, he says, other media companies have been targeted by cyberattacks that were either politically motivated or conducted for ransom.
While the definition of critical infrastructure hasn't included media companies, Mora says that there have been discussions in the U.S. to increase the threat level for cyberattacks on critical infrastructures and to include media companies in addition to telecommunication firms as the most targeted sectors.
Explaining the rationale behind the development, Mora says: "Cutting communication and real-time information sharing would be one of the first measures in case of offensive initiatives."
"Regarding securing organizations, considering that the risk of a cyberattack cannot be totally eliminated but surely anticipated and greatly mitigated, I would suggest focusing on implementing the array of cybersecurity controls, especially related to awareness and training," he says.
According to Mora, the main vector in malware attacks is the human factor. He recommends that CISOs of media organizations increase network security architecture and add layered defenses.
Cybersecurity in Slovenia
Under the Digital Slovenia initiative, the Slovenian government adopted a national cybersecurity system to facilitate a rapid response to security threats, aiming to protect the country's information and communications technology infrastructure.
In the Digital Slovenia report, the government acknowledges that while there have been proposals for systemic regulation of cybersecurity, implementation never took place.
While Sl-CERT is the national response center for network incidents, the IT Directorate at the Ministry of Public Administration and the Ministry of Defense is also responsible for the country’s national security posture.
The Slovene Intelligence and Security Agency is in charge of counterintelligence activities. The IT and telecommunications wing of the country's police department and the Criminal Police Directorate also work to combat cybercrime.
The digital Slovenia report says the cooperation of stakeholders in cybersecurity assurance is not formally regulated, but the country's response centers "cooperate informally."
In 2017, eight significant cyberattacks hit Slovenian companies, according to news publication RTV Slovenia. The worst one affected the country's only car manufacturer, Revoz.
According to the report, operations at the manufacturing plant came to a halt when all its computers were locked, displaying a notification written in Croatian.
In October 2020, the U.S. strengthened collaboration with Slovenia on cybersecurity by establishing a "state-of-the-art Cyber Range" - a virtual environment used by Slovenia's Ministry of Defense as a platform to train and develop cybersecurity experts.
The unit is also used by the country's universities and academic institutions for cyber research and development.
This Is 3rd Attack Against a European Media Company in 3 Months
Soumik Ghosh • February 14, 2022
Credit Eligible
Cyberattack Affects Operations at Slovenian TV Channel
Pro Plus channels and websites. (Photo: Pro Plus website/CC)
Slovenia's top private TV channel, Pop TV, was hit last week by an "intrusion into the media company's computer system," its parent company, Pro Plus, said in a statement.
See Also: Live Webinar | How to Stop the Four Horsemen of the Data Loss Apocalypse
Following the disclosure, the Slovenian Computer Emergency Response Team, or Sl-CERT, said that the country's National Cyber Security Response Center is working with Pro Plus, but did not reveal any further details.
In an update released Thursday, the company spokesperson says: "We cannot yet estimate the full extent of the attack, we are currently focusing all our efforts on putting our main systems back into their original operation as soon as possible, which will enable the smooth operation of television programs and websites."
Although Pro Plus says its on-demand TV programs are back on the air, availability of its websites is limited. The company says that it is unable to air live broadcasts and sports matches or upload new and missed content to its video library.
Pro Plus and the Sl-CERT have not yet responded to Information Security Media Group's request for additional information on the attack vector and the possibility of the incident being a ransomware attack.
European Media Firms Under Attack
The cyberattack on Pro Plus is the third major cyberattack to disrupt operations in a European news and media outlet in the past three months.
In January, the Lapsus$ ransomware group allegedly conducted a ransomware attack on Portugal's largest media conglomerate, Impresa Sociedade Gestora de Participacoes Sociais SA.
The cyberattack knocked the country's most popular TV channel, SIC, off air and halted operations at Portuguese newspaper Expresso.
Preceding the Portugal incident, on Dec. 28, a ransomware attack affected Norwegian newspaper Amedia. Like the Pro Plus and Expresso attacks, the incident caused Amedia to shut its presses. (See: Ransomware Attack Forces Norway Newspaper to Shut Presses)
A senior intelligence analyst at the Security Operations Planning and Management unit of the North Atlantic Treaty Organization, Dino Mora, tells ISMG that as the attribution for the cyberattack on Pro Plus hasn't been confirmed yet, he cannot comment on whether the incident has any relation to the current geopolitical situation in Eastern Europe.
But in the recent past, he says, other media companies have been targeted by cyberattacks that were either politically motivated or conducted for ransom.
While the definition of critical infrastructure hasn't included media companies, Mora says that there have been discussions in the U.S. to increase the threat level for cyberattacks on critical infrastructures and to include media companies in addition to telecommunication firms as the most targeted sectors.
Explaining the rationale behind the development, Mora says: "Cutting communication and real-time information sharing would be one of the first measures in case of offensive initiatives."
"Regarding securing organizations, considering that the risk of a cyberattack cannot be totally eliminated but surely anticipated and greatly mitigated, I would suggest focusing on implementing the array of cybersecurity controls, especially related to awareness and training," he says.
According to Mora, the main vector in malware attacks is the human factor. He recommends that CISOs of media organizations increase network security architecture and add layered defenses.
Cybersecurity in Slovenia
Under the Digital Slovenia initiative, the Slovenian government adopted a national cybersecurity system to facilitate a rapid response to security threats, aiming to protect the country's information and communications technology infrastructure.
In the Digital Slovenia report, the government acknowledges that while there have been proposals for systemic regulation of cybersecurity, implementation never took place.
While Sl-CERT is the national response center for network incidents, the IT Directorate at the Ministry of Public Administration and the Ministry of Defense is also responsible for the country’s national security posture.
The Slovene Intelligence and Security Agency is in charge of counterintelligence activities. The IT and telecommunications wing of the country's police department and the Criminal Police Directorate also work to combat cybercrime.
The digital Slovenia report says the cooperation of stakeholders in cybersecurity assurance is not formally regulated, but the country's response centers "cooperate informally."
In 2017, eight significant cyberattacks hit Slovenian companies, according to news publication RTV Slovenia. The worst one affected the country's only car manufacturer, Revoz.
According to the report, operations at the manufacturing plant came to a halt when all its computers were locked, displaying a notification written in Croatian.
In October 2020, the U.S. strengthened collaboration with Slovenia on cybersecurity by establishing a "state-of-the-art Cyber Range" - a virtual environment used by Slovenia's Ministry of Defense as a platform to train and develop cybersecurity experts.
The unit is also used by the country's universities and academic institutions for cyber research and development.
