Weather Channel's morning show interrupted due to malware attack

The Weather Channel's morning show “AMHQ” was interrupted due to malware attack

A malware attack interrupted the Weather Channel's morning show

According to the latest news, The Weather Channel^[1] was not able to display its “AMHQ” morning show due to a malware attack launched on the organization's network. The show was supposed to take place at 6 AM, however, rather than seeing it, people faced a recording of a Canadian reality TV show “Heavy Rescue: 401”.^[2]

Operators returned with the initial schedule at 7:39 AM, when they and also explained that the malicious software was the cause of the incident, rather than technical difficulties:^[3]

We experienced issues with this morning's live broadcast following a malicious software attack on the network. We were able to restore live programming quickly through backup mechanisms. Federal law enforcement is actively investigating the issue. We apologize for any inconvenience to viewers as we work to resolve the matter.

Additionally, one of the most renowned weather broadcaster Jim Cantore also confirmed malware attack live saying:

The Weather Channel, sadly, has been the victim of a malicious software attack today

Currently, it unknown what type of malware was involved in The Weather Channel incident, neither who was behind the attack, although some researchers believe that it might be ransomware, such as LockerGoga.^[4]

Social media networks are also becoming vulnerable to malware attacks due to the technology used

The Weather Channel apologized for the incident and explained that federal law enforcement is taking care of the situation, currently performing a deeper investigation of the malware attack. Such event is a good example for social media networks and news stations, as it shows that not only health or production industry is at risk of cyber attacks.

Since television-based content is now being carried through IP networks, various malware attacks can reach media companies just as easily. However, such attacks might impact much more than just a missed weather forecast. TV broadcast hijacking might push malicious actors' ideologies, interfere with important news announcements and even fuel the extortion attempts.^[5]

Incidents like these demonstrate the reputational risk and potential public-safety issues introduced by cyber-attacks in the broadcasting sector, and we can draw some parallels to critical infrastructure protection in that the defensive strategy must evolve along with modernization efforts

A similar attempt was launched on TV5Monde, a French TV network

Cybersecurity specialists are deeply concerned that an increased number of cyber attacks against a variety of industries can compromise a variety of sectors, such as customers' personal data, as well as confidential business information. Therefore, enterprises need to take up more precautionary measures to prevent similar cyber attacks from happening in the future. As of now, however, media and news organization malware attacks are quite rare. Nevertheless, The Weather Channel is not the only one that has become a victim of such an attack.

The attempt took place in 2015 and was launched on a French TV network TV5Monde. Sadly, this attack did not end that successfully as some networks experienced damage. Once the forensic investigation was complete, it was found that the responsible hacker group was known as Russia's APT28^[6] (also recognized as Fancy Bear, PawnStorm, Sednit). Additionally, this attempt was launched by using dangerous malware for political purposes.