A day after live streams for its radio and television stations were attacked by hackers in an apparent ransomware incident, Cox Media Group properties across the country were still largely unavailable.

Cox Media owns 65 radio stations in 11 markets, 33 television stations in 20 markets, and several multi-platform streaming video and digital platforms. The TV stations, in markets like Boston; Pittsburgh; Dayton, Ohio; Seattle; and Tulsa, Oklahoma are a mixture of major network affiliates like ABC, Fox, CBS, NBC and My Network TV and independents. 

According to a report in Inside Radio, the attack began on the morning of June 3, and was apparently centered on internal networks and live streaming capabilities such as web streams and mobile apps at the Cox Media properties. Websites for the stations and most programming remained unharmed, but according to Inside Radio some live stream programming and newscasts had to be canceled. 

The attack apparently didn’t affect traditional pay TV feeds for the channels. Dish Network, which reached a carriage deal with Cox Media for about 14 channels in December, said it experienced no issues with the broadcaster. 

Cox Media representatives did not return requests for comment, but according to reports, several stations informed employees to shut down their work computers and phones on June 3.

NBC News reported that at least two stations — ABC affiliate WFTV in Orlando, Florida, and NBC affiliate WPXI in Pittsburgh — were affected, with WFTV telling workers to stay home Thursday.  Other reports claimed that Cox stations in Charlotte, North Carolina ABC affiliate WSOC-TV and Tulsa Fox affiliate KOKI-TV were affected as well. As of Friday afternoon some reports said a few of the stations were beginning to resume their online streams, but streams for Cox Media radio stations were still unavailable.

As of 6 p.m. ET Friday, online streaming for Cox Media’s Alexandria, Louisiana ABC affiliate KLAX-TV, Atlanta ABC affiliate WSB-TV, Boston Fox affiliate WFXT, Dayton, Ohio CBS affiliate WHIO-TV, Charlotte ABC affiliate WSOC-TV, Orlando ABC affiliate WFTV and Tulsa Fox affiliate KOKI-TV was either unavailable or showing partial replays of old newscasts. 

Streaming services like Hulu Live, which carry local broadcast streams, also were impacted. Hulu Live temporarily replaced WSB-TV’s broadcast feed with ABC News Live until the local feed was restored. 

According to a report in cybersecurity publication The Record, Cox Media employees were saying earlier this morning that they had shut down their systems in time and that they “should be back up and running soon.” 

The attack comes shortly after some high-profile ransomware incidents, including the May hack of the Colonial Pipeline which choked off gasoline supplies up and down the East Coast for days. Colonial  reportedly paid $4.4 million to hackers to get fuel flowing again. Earlier this month, meat producer JBS shut down nine beef plants in the U.S. after a similar ransomware attack.  

On Thursday, deputy national security adviser Anne Neuberger issued an open letter urging companies to take security precautions to protect against ransomware attacks.

WASHINGTON -- White House press secretary Josh Earnest says the American people should not be worried about the government hacking their phones at will.

That came in the wake of the news that the FBI had hacked into the iPhone of Syed Farook, one of two mass shooters involved in the Dec. 2, 2015, terrorist attack on the Inland Regional Center in San Bernadino, Calif., without Apple's help, and had dropped a court effort to force the technology giant to comply.

Asked at a press conference whether the American public had any presumption of privacy, given law enforcement's ability to hack into phones, Earnest said "absolutely."

"[T]he reason that they should be confident in that privacy is because there are laws on the books that are assiduously followed by our law enforcement and national security officials that protect the privacy of the American people."

He said the way the Apple-FBI debate played out in the courts was a case of the system working as it should, and that President Obama shared that sentiment.

“The whole debate between Apple and the FBI in the context of this investigation was actually taking place not between the two of them, but actually in a court of law — because there was a judge that was presiding over this debate to ensure that the privacy of the American people was protected,” he said. “And that is the way that our system should work, and that is why people can have confidence in their right to privacy — because we know that there are laws that are on the books that are assiduously followed by our national security and law enforcement professionals to protect that privacy. And we have a whole judicial branch that understands that they have a need to interpret that law to both protect our privacy but also to keep us safe.  And that is essentially, in the mind of the president, exactly how this process should play out.”

As an unsavory group, phishing, hacking and malware together comprised the number one cause of data security "incidents."

They caused 31% of all breaches, according to the second annual Data Security Incident Response Report from BakerHostetler, which analyzed more than 300 such incidents the law firm helped manage.

Rounding out the top five causes, in order, were employee actions/mistakes (24%), external theft (17%), vendor-related incidents (14%) and internal theft (8%). Just outside the top five, at 6%, was improper records disposal.

The study found that the average time between a breach and detection was in excess of two months (69 days), and in at least one case well more than a year. Almost a quarter (24%) of the breaches resulted in a regulatory inquiry, and litigation was begun in 6% of the cases.

More than half of the breaches (52%) were self-detected.

Apple CEO Tim Cook wasted little time March 21 addressing his company’s current fight with the government, which has the Justice Department and FBI looking to force Apple to unlock an iPhone owned by one of the San Bernardino, Calif. shooters.

Apple and the government will begin arguing their cases March 22.

“We built the iPhone for you, our customers, and we know it’s a very personal device,” Cook said at an Apple event live-streaming over the Internet. “We need to decide as a nation how much power the government should have over our data and our privacy.”

“We did not expect to be in this position, at odds with our government. We owe it to our customers, and we owe it to our country. We will not shrink from this responsibility.”

For more of this story, please visit broadcastingcable.com.

Arris said the risks are “low” with respect to a report from a Brazilian researcher who claims that about 600,000 cable modems from the supplier are vulnerable to previously undisclosed “backdoors” that could leave the devices open to hackers.

"While researching on the subject, I found a previously undisclosed backdoor on Arris cable modems, affecting many of their devices including TG862A, TG862G, DG860A," Bernardo Rodriques noted in this blog item posted November 19. He said the backdoor affects “over 600.000 externally accessible hosts.”

In an email to Multichannel News in response to Rodriques’s findings, Arris noted that the company had implemented this access method on certain cable modem products to provide access to technicians, but has since disabled that access in order to minimize any risks to subscribers.

“Security is a top priority at ARRIS,” the company said, in a statement. “When it comes to our network and customer premises equipment products, we work actively with security organizations and our Service Provider customers to identify and quickly resolve any potential vulnerabilities to protect the consumers who use our devices. We are aware of the recently reported password vulnerability. The risk related to this vulnerability is low, and we are unaware of any exploit related to it. However, we take these issues very seriously and review them with the highest priority. Our team has been working around the clock on modem updates that address this reported vulnerability.”

Per Rodriques’s findings, firmware in the affected modems shipped with an undocumented "libarris_password.so" library that essentially acted as a backdoor for privileged account logins that supplied a different custom password for each day of the year. “ARRIS password of the day is a remote backdoor known since 2009,” he explained. 

A Comcast employee noted on the DSL Reports message board that the MSO does not use the Arris default password of the day, and filters external access to the modem.

However, a network engineer claiming to be with a “large MSO in Mississippi,” said the operator learned about the backdoors last week “and have been scrambling to close the holes.”