The technology media and telecommunications (TMT) industry is a highly visible industry vertical where remaining competitive and building a recognizable brand typically requires a significant digital footprint. Exposure to the masses through websites, social media, and advertising to drive sales takes precedence as businesses attempt to grow customers and revenue. However, this often comes with increased risk posed by vulnerabilities, misconfigurations, and externally facing infrastructure that remains overlooked and under-prioritized. The dynamic and fast-moving market in which TMT companies must innovate and adapt within often leaves security as an after-thought.
1. Technology, media, and telecommunications industry threat landscape
Recent observations trends
&Global Threat Assessment by Deloitte Global Cyber Threat Intelligence.
Issue date: February 26th 2019 | TLP: WHITE | Industry: LSHC | Region: all | Serial: A- TR-EN-01-8886
2. Threat Landscape | Technology, Media, and Telecommunications Industry
The Technology, Media, and Telecommunications (TMT) Industry is
threatened by a variety of actors. Deloitte has observed three primary
motives behind threat actor targeting and will explore five core industry
threat events targeting the TMT Industry.
Threat Actors Motives Core Threats
Advanced Persistent
Threats (APT)
Cyber
Criminals
Hacktivists
Financial Gain: TMT customer
data, accounts, and software are
lucrative assets that are bought,
sold, and traded on underground
markets.
Intellectual Property (IP):
Nation-states and competitors
seeking to gain competitive
advantages by stealing
intellectual property.
Geopolitical Agendas: State
and non-state actors target
news outlets and social media to
spread misinformation and
propaganda
IP Theft
Fraud & Account
Compromise
Technology Supply
Chain
Misinformation &
Propaganda
Black Market for
Cracked Software
2
Execut i ve summary
3. Threat Landscape | Technology, Media, and Telecommunications Industry
Observat i on 1 | I nt el l ect ual property t hef t
Threat Actor
Threat Motivator
Lessons Learned
Sensitive business processes, customer data, and IP that drive TMT revenue streams are
valuable to cyber criminals, competitors, and nation states. The monetary value placed on
this IP puts clients at high risk and potentially be crippling should IP were to be stolen or
leaked.
Nation states, cyber criminals, and competitors: TMT IP can be used to further a
nation state or competitor’s economic agenda or sold for profit on criminal markets and
forums.
Financial and Economic Advantage: National states and competitors typically target
TMT IP to support their own economic and technological advances. Cyber criminals often
steal TMT IP in attempt to monetize stolen data on criminal markets and forums.
Malware tools used by cyber criminals and nation states, such as Remote Access Trojans
(RATs) and various other forms of information-stealing malware, pose a significant threat
to TMT’s intellectual property and sensitive commercialized information.
3
4. Threat Landscape | Technology, Media, and Telecommunications Industry
Threat Actor
Threat Motivator
Lessons Learned
Threat actors commonly target TMT websites with digital skimming tools used to steal
customer data as it is entered into forms. Account checkers are also commonly used to
analyze stolen credentials for email providers, video streaming services, social networks,
mobile, and telecommunications providers, and retailers.
Cyber Criminals: The sale of account credentials and personally identifiable information
(PII) is a lucrative business with hundreds of listings across criminal markets and forums.
Financial Gain: Account checking and digital skimming tools enable threat actors to scale
operations and continuously restock their inventory.
As online shopping and TMT services become more popular the criminal community will
almost certainly continue to seek opportunities to make profits by selling stolen account
credentials and PII.
4
Observat i on 2 | Dat a t hef t & account compromi se
5. Threat Landscape | Technology, Media, and Telecommunications Industry
Threat Actor
Threat Motivator
Lessons Learned
Both firmware supply chain and software supply chain attacks have been used as infection
vectors to launch large-scale attacks on the TMT industry in 2017 and 2018.
Nation States and Cyber Criminals: The use of supply chain attacks as an entry vector
is not limited to a specific threat actor type. However, in recent years, these types of
attacks have been largely attributed to both nation states and cyber criminals.
Widespread or Targeted Infection: Supply chain attacks allow the attackers to target a
large number of downstream users and organizations with a single attack.
Organizations should manage supply chain risk at each phase of an acquisitions lifecycle:
initiation, development, configuration/deployment, operations/maintenance, and disposal.
It is critical to develop strategy and policies to enforce the continuous patching and
configuration audits to confirm that each information system is compliant with the
organization's security baseline and standards.
5
Observat i on 3 | Suppl y chai n at t acks
6. Threat Landscape | Technology, Media, and Telecommunications Industry
Threat Actor
Threat Motivator
Lessons Learned
Media outlets are increasingly popular targets for threat actor groups that are operating
with the goal of achieving a defined political agenda.
Nation States and Hacktivists: Both have been known to target media organizations
and journalists.
Geopolitical Agenda: The targeting of media organizations can be used to spread
propaganda and misinformation. The strategic objective is typically to manipulate public
option or instill distrust in the opposition’s governing body.
Attacks that pose a threat to the integrity of media outlet reporting can be a harbinger for
substantial reputational harm.
6
Observat i on 4 | Mi si nf ormat i on & propaganda
7. Threat Landscape | Technology, Media, and Telecommunications Industry
Threat Actor
Threat Motivator
Lessons Learned
As software prices increase, so too does the black-market economy for cracked software.
The market for cracked software extends across nearly all TMT verticals.
Cyber Criminals: There has been flourishing marketplace for cracked software run by
cyber criminals.
Financial Gain: License keys required to unlock software products are cracked and sold
on underground markets for profit.
Threat actors commonly sell cracked computer games, office productivity software,
graphic design software, various financial applications, and a multitude of other common
home and business applications. On the more extreme end of this spectrum, numerous
actors have distributed specialized industrial software including engineering and
architectural design tools.
7
Observat i on 5 | Bl ack market f or cracked sof t ware