The media sector’s pervasive global presence, widespread delivery of digital content, and powerful influence over public opinion makes it an appealing target for cybercriminals, hacktivists, and even state-sponsored actors motivated by financial, political, or personal gain.

While the current cyber and geopolitical landscapes continue to exacerbate these conditions, Flashpoint enables media organizations to bolster defenses, inform decisions, and mitigate a broad spectrum of cyber, fraud, and physical risks, some of which include:


Threat actors interested in insider trading have long sought the proprietary data and intellectual property harbored by the media sector. From merger and acquisition (M&A) documentation and journalistic trade secrets to unreleased news segments and film scripts, any information that could impact a company’s future stock value remains in high demand within illicit communities.

Flashpoint’s online illicit community visibility enables media organizations to mitigate insider trading risks. Recently, Flashpoint analysts monitoring a Russian underground forum observed a threat actor seeking to infiltrate U.S. media outlets via spear phishing in search of press releases detailing upcoming M&A deals. After determining the actor’s claims were likely valid and tied to previous insider trading schemes, Flashpoint worked with the named media outlets to safeguard data appropriately and remain on alert for spear phishing.


The state-sponsored propagation of “fake news” surrounding several high-profile elections has raised concerns about the media sector’s susceptibility to exploitation by disinformation campaigns. Given that many media organizations are highly-visible and continue to play a prominent role in shaping public opinion, they serve as desirable targets for malicious actors in search of vectors by which to disseminate false or misleading content for political gain.

Flashpoint’s fluency in 13 languages and visibility throughout illicit communities facilitates the quick detection of disinformation campaigns. In one scenario, Flashpoint analysts identified two actors on an illicit forum who were promoting services that permitted actors to place and disseminate “fake news” content on the website of a well-known news organization. Upon this discovery, Flashpoint immediately notified the organization so they could monitor for “fake news” affiliate content and proactively screen prospective advertisers appropriately.


Media executives are often the focal points of press coverage and public interest. Unfortunately, some executives as well as many journalists--particularly those linked to controversial works or causes--may also receive unwanted attention from malicious actors motivated by financial, political, or personal gain. Since many actors’ schemes are conceived within illicit communities, executive protection teams without visibility in these online regions may not be aware of all cyber and physical threats to which their executives are susceptible.

Many of Flashpoint’s analysts possess physical security skills honed during time served in the U.S. military. This cyber-physical acumen enables organizations to proactively address a full spectrum of threats facing their executives. Recently, when a well-known media figure planned to attend the premiere of his company’s new (and arguably controversial) film, the company used Flashpoint’s intelligence to identify, investigate, and mitigate risks posed by previously-unknown physical threat actors located in the event’s vicinity.


While instances of cyber extortion have historically plagued the healthcare sector, more threat actors seeking increased ROI are turning to the media sector. Since many media organizations maintain access to unreleased film scripts, images, television segments, and other types of desirable content, malicious actors who gain access to such content--either by exploiting vulnerabilities, phishing, or other means--are recognizing that extorting this access can be extremely lucrative.

By continually monitoring illicit communities, Flashpoint analysts often detect planned extortion campaigns and related threats before they materialize. Recently, Flashpoint identified a well-known extortionist’s plans to leverage a zero-day vulnerability in a large entertainment company’s remote desktop protocol (RDP) servers to gain, and extort access to, an unreleased episode of a popular television show. The actor claimed that if their monetary demand was not met, they would release the episode publicly, likely causing the company substantial damages. In response, Flashpoint immediately alerted the company so they could patch the vulnerability, strengthen user-access controls, and safeguard data to reduce further exposure and avoid extortion.

Did this answer your question?