News Corp’s software supply chain attack proves the need for enhanced security posture

Journalists from News Corp have been targeted in a recent series of cyberattacks, which underscores the need to ensure adequate protection for organizations’ SaaS services. In this particular incident, the attackers were able to access News Corp’s systems since February 2020 or earlier.

It is reported that the hackers have had access to emails, documents on Google Docs, as well as article drafts.

Being a publicly-traded company, News Corp had to disclose this information in an SEC filing in early February, where it shared general information about the security breach. In summary, as described in the filing, the company discovered that one of the cloud service providers it utilized had been the target of persistent cyberattacks. 

Said cloud service providers are used to support the company’s various business operations and are thus considered upstream suppliers – hence the cyberattack being described as a supply chain attack.

A compromised cloud security posture

The attack on the media conglomerate underscores the need for extended security posture management, especially with the potential of News Corp did not specify what particular cloud services were compromised and how the attackers were able to gain access to these SaaS services. 

However, the news organization’s security advisors

Read More: