Threat Intelligence

    Bad Actors Target Media Industry with Impersonation Attacks

    Impersonation attacks to spread disinformation through the media rose dramatically during the first half of 2020.

    by Mercedes Cardona

    Key Points

    • Email impersonation attacks on news organizations and publishers have been steadily rising throughout 2020.
    • Some of this is likely due to the coronavirus pandemic, since news organizations continued operating during the shutdown and were more vulnerable to attack.
    • The upcoming U.S. elections appear to be another reason, as state-backed hackers from Russia and elsewhere work to spread disinformation ahead of November’s vote.


    This past June, a number of popular YouTube channels were taken over by scammers who posted videos promising viewers to double their money if they sent them cryptocurrency. Then in July, another group of fraudsters took over hundreds of high-profile Twitter accounts belonging to business leaders, politicians and celebrities.[1]

    While these attacks were highly publicized, there may be more to the story than cybercriminals looking for Bitcoin, like the YouTube and Twitter hackers. Even after a Florida teen was arrested for masterminding the Twitter attack, knowledgeable persons have expressed concern the public remains highly susceptible to online misinformation and outright deceit.

    An Outbreak of Impersonation Attacks

    This is reflected in the rising levels of impersonation attacks taking place online. Analyzing the attacks against its U.S. customers from January 2020 through June 2020, the Mimecast Threat Center found that the media and publishing sector was the industry most-often targeted by impersonation attacks, many of which were perpetrated by cybercriminals seeking to disseminate false narratives and disinformation.[2] Overall, the volume of impersonation attacks grew by 37% in January through June and made up nearly one quarter of all email attacks detected during that time.

    Impersonation attacks are also evolving beyond email to take advantage of new channels such as texting. As the Mimecast study noted: “The evolution of impersonation into voicemail phishing messages has grown; it is almost certain this form of attack will be used continuously and will evolve again in the coming year.”

    The threat intelligence researchers linked the change to the COVID-19 pandemic. “It’s likely indicative of the prevalence of disinformation, and attempts to gain access to information during a period of uncertainty, fear, and chaos,” the report concluded.

    U.S. authorities, meanwhile, are concerned that the people behind these attacks are not merely cybercriminals. The deeper fear, as expressed by Secretary of State Mike Pompeo, is that they involve state actors trying to conduct disinformation campaigns and other forms of cyber warfare against the U.S.[3] To back this up, Pompeo released a report accusing the Russian government of carrying out a disinformation campaign that includes false narratives about the COVID-19 pandemic.[4]

    Threat to U.S. Elections

    Russian, Chinese and Iranian hackers are among the many state-backed actors threatening the U.S. media and other public organizations, warned William Evanina, director of the National Counterintelligence and Security Center.[5] The Center has prepared a counterintelligence strategy plan for 2020-2022 to contend with the growing number of foreign actors with sophisticated cyber skills and tools.[6]

    “Foreign nations continue to use influence measures in social and traditional media in an effort to sway U.S. voters’ preferences and perspectives, to shift U.S. policies, to increase discord and to undermine confidence in our democratic process,” Evanina said in his statement. “The coronavirus pandemic and recent protests, for instance, continue to serve as fodder for foreign influence and disinformation efforts in America.”

    Concerned about the ways in which disinformation campaigns could influence the upcoming U.S. elections, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) included a section on foreign interference “designed to sow discord, manipulate public discourse, discredit the electoral system, bias the development of policy, or disrupt markets” in its elections security guide for state and local officials.[7]

    Email Security and Good Cyber Hygiene Can Stop Disinformation

    The media sector may have been especially vulnerable to email attacks in part because publishers were among the organizations that remained active during the pandemic lockdown. Not coincidentally, manufacturing was another sector that was vigorously targeted by cybercriminals during the lockdown, as their factories continued to operate. Many essential services were targeted for email attacks during the early months of the pandemic, including ransomware attacks on industrial systems and healthcare organizations.

    A recent Google report noted that “The pandemic has taken center stage in people’s everyday lives, in the international news media and in the world of government-backed hacking.” As one indication of this, Google said that in the month of May alone it had to send alerts to 1,755 customers saying their accounts had been targeted by government-sponsored attackers.[8]

    Cybersecurity experts continue to remind organizations that basic cyber hygiene practices can prevent attacks against the media and publishing industry, such as routine system scanning and promptly installing the latest software security fixes, practicing consistent password security and limiting access to critical data.


    [1] “Big YouTube Channels are Being Plagued by Hackers Promoting Bitcoin Scams Resembling the Hack that Compromised Twitter” Business Insider

    [2] Mimecast Threat Intelligence Report: Black Hat USA Edition

    [3] “Rewards for Justice—Reward Offer for Information on Foreign Interference in U.S. Elections” U.S. Department of State

    [4] “Briefing With Special Envoy Lea Gabrielle On the GEC Special Report: Pillars of Russia’s Disinformation and Propaganda Ecosystem” U.S. Department of State

    [5] “Statement by NCSC Director William Evanina: 100 Days Until Election 2020” The National Counterintelligence and Security Center

    [6] “National Counterintelligence Strategy of the United States of America 2020-2022” The National Counterintelligence and Security Center

    [7] “#Protect2020: CISA Gears Up for Election Security” CISA

    [8] “Updates about Government-Backed Hacking and Disinformation” Google Blog

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top