Sunday, 30 December 2018

Printing of Major US Newspapers Affected by Cyber Attack

The Los Angeles Times, Chicago Tribune, Wall Street Journal, San Diego Union-Tribune and New York Times are among the titles affected by a virus that disrupted printing and distribution. Reportedly, the virus affected back-end production systems.

Was this a targeted attack? If so, what was the goal? Could an attacker alter and print content?

https://www.theguardian.com/technology/2018/dec/30/cyber-attack-disrupts-printing-of-major-us-newspapers

We have very little detail on the attack, but most likely this was a targeted attack and probably the initial infection was due to a user clicking on a phishing link in an email. Let's consider what controls could possibly prevent the attack in this scenario.

  • User security awareness training may have prevented the user from clicking on the link in the first place.
  • An email scanning service may have blocked the email or rendered the phishing link harmless.
  • A firewall with up-to-date threat intelligence may have blocked the domain the phishing link directs to, or blocked the subsequent C2 traffic and so made the malware impotent.
  • Similarly for a secure web proxy.
  • A malware analysis engine may have blocked the malware from being downloaded, for example malware analysis in a secure web proxy, firewall or standalone engine.
  • Endpoint protection, either standard anti-virus or next-gen endpoint protection.
  • DNS filtering, such as Cisco Umbrella or Akamai Threat Prevention, may have blocked a malicious domain. It may have defeated the initial download or blocked subsequent C2 traffic.
  • Better detection, such as SIEM with threat intelligence.
  • Improved response.
  • Network segmentation to prevent lateral movement within the network.
  • Privileged access management.

Actually, the more I think about this, and without knowing the specifics, there's a whole raft of controls that could conceivably have prevented this attack.
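Several of the controls listed above (DNS filtering, firewall threat feeds, SIEM with threat intelligence) come down to the same mechanic: matching the names a host looks up against a list of known-bad domains, both for the initial phishing destination and for later C2 beaconing. The example below is added here and is not from the original post or from any of the products named; the log format, client addresses and indicator domains are all constructed placeholders. It shows the detail a practitioner cares about, which is matching on label boundaries so that a blocklisted parent domain catches its subdomains without false-matching lookalike names.

```python
"""DNS-filtering / SIEM-style check: match DNS query logs against a
threat-intelligence domain blocklist.

Added example, not code from the original post. Log layout, addresses and
indicator domains below are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Constructed threat-intel feed (placeholder values, not real indicators).
BLOCKLIST: Set[str] = {
    "phish-landing.example",   # hypothetical phishing link destination
    "c2-beacon.example",       # hypothetical command-and-control domain
}

# Constructed log lines in a simple "<time> <client-ip> <queried-name>" layout.
SAMPLE_LOG = """\
2018-12-29T08:01:12Z 10.20.30.41 mail.corp.example.
2018-12-29T08:01:15Z 10.20.30.41 PHISH-LANDING.example.
2018-12-29T08:01:16Z 10.20.30.41 cdn.phish-landing.example.
2018-12-29T08:02:10Z 10.20.30.41 notphish-landing.example.
2018-12-29T08:05:00Z 10.20.30.41 update.c2-beacon.example.
2018-12-29T08:05:00Z 10.20.30.52 www.corp.example.
"""


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client: str
    query: str
    indicator: str


def normalize(name: str) -> str:
    """Lower-case and strip the trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")


def match_indicator(name: str, blocklist: Set[str]) -> Optional[str]:
    """Return the blocklist entry covering `name`, matching on label boundaries:
    evil.example covers sub.evil.example but not notevil.example."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Split one log line; malformed lines are skipped rather than crashing."""
    parts = line.split()
    if len(parts) != 3:
        return None
    return parts[0], parts[1], parts[2]


def scan(log_lines: Iterable[str], blocklist: Set[str]) -> List[Hit]:
    """Return every query that resolves to a blocklisted domain or subdomain."""
    hits: List[Hit] = []
    for line in log_lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, query = rec
        ind = match_indicator(query, blocklist)
        if ind is not None:
            hits.append(Hit(ts, client, normalize(query), ind))
    return hits


def affected_clients(hits: Iterable[Hit]) -> List[str]:
    """Distinct client addresses with at least one hit, for triage."""
    return sorted({h.client for h in hits})


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG.splitlines(), BLOCKLIST):
        print(f"{h.timestamp} {h.client} queried {h.query} (matches {h.indicator})")
```

On the constructed log this flags the mixed-case phishing domain, its `cdn.` subdomain and the C2 subdomain for one client, while leaving `notphish-landing.example` alone; a naive substring match would have produced a false positive on that last name.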
