HBO hack continues ransomware extortion trend

[grimm]

Another cyberattack has surfaced, providing more evidence of the risks that companies face with cyber intrusions. In a similar attack pattern that we’ve seen before, the hackers break into the internal IT network of a studio and then attempt to blackmail one of Hollywood’s biggest brands — sound familiar? You might have seen this episode before. Last week HBO was hit in a massive cyberattack which the hackers claim took six months of planning. The hackers breached the servers of HBO and reportedly stole over 1.5TB of information, including unreleased Game of Thrones episodes, upcoming episodes of Ballers and Room 104, as well as sensitive documents ranging from internal emails and financial reports to litigation claims. The attack was financially motived, with the group responsible demanding an estimated one million dollar ransom. If being a victim of a cyberattack wasn’t bad enough, hackers are using every tool at their disposable to put pressure HBO. In this instance the hackers announced the leak by sending private emails to a group of selected reporters with links to the leaked material.

Hackers have studios in their sights

The entertainment industry has been a target of cyberattacks for a number of years now, with cyber criminals being lured in by their weak security systems and the potential for massive payouts. Years ago, the goal of hackers was simply to steal content and share it online but recently there has been a shift to extortion and in some cases destruction.

The infamous Sony hack in 2014, ascribed to the North Korean government, seems to have marked a turning point of sorts in threats of this nature and put attacks like this on the main stage. While the Sony attack was purely destructive, the HBO attack appears to be financially motivated. The profile and huge reach of entertainment companies make them an extremely attractive target for a diverse group of adversaries.

HBO isn’t the only high-profile data breach case we’ve seen this year, just a few months ago in April a hacker group known as TheDarkOverlord leaked the first 10 episodes of Orange Is The New Black. In that incident, the hackers stole movies and TV episodes from several movie studios including Netflix, FOX, IFC, NAT GEO, and ABC. Cyber criminals have production studios in their sight, and there is no sign of them slowing down.

The industry with a target on its back

Ransomware is most effective in situations where the stakes are high and there is an extreme urgency to pay. Hospitals, for example, are another popular ransomware target because lives literally depend on returning infected IT systems to a working state. For HBO and other entertainment companies, the stakes are clearly high because their industry’s worth is estimated $2.7 trillion globally — HBO’s revenue alone is estimated at $8Bn. Hackers can easily create urgency for these companies to pay the ransom by simply threatening to post their content online. The industry’s most valuable asset — its content — is easy for hackers to identify and even easier to share online. This is a deadly combination for the entertainment industry and usually leads to easy profits for the hackers.

HBO’s chairman and chief executive, Richard Plepler, summarised the situation in one great comment, “The problem before us is unfortunately all too familiar in the world we now find ourselves a part of.”

Another challenge is that the industry remains in a digital growth spurt, and keeping up and protecting its vast supply chain is a task that has become even more complex. With so many different players, it makes it extremely difficult to control the flow of data.

Security measures are simply not good enough

Ransomware has become big business and in recent years has emerged as the tool of choice for hackers. Ransomware attacks grew by more than 600 per cent in 2016 over 2015, and cost victims more than $1 billion. This method is effective because many businesses are still using outdated antivirus solutions that cannot stop ransomware instead of newer tools designed to protect against today’s more advanced attacks.

Stopping modern attacks like the recent HBO example requires companies to modernise their defences. One key element is upgrading or replacing traditional antivirus products and finding solutions with behavioural protection logic that can spot the unique activity that is indicative of ransomware. This is a common feature of so-called “next gen” endpoint security solutions, but does not exist in the antivirus software that most organisations currently have deployed.

Hackers will always try to find and exploit any weaknesses and attacks like these serve as a reminder to businesses about the need to move away from antiquated antivirus software and update its security model to reflect the reality of the modern IT ecosystem.