The reach and profile of entertainment companies make them an attractive target for a diverse group of adversaries, each with their own motivations and methods. Insiders, content pirates, hacktivists, and state-sponsored attackers—all of these threats pose a tangible risk to the financial, legal and reputational standing of entertainment companies. In Hollywood, even the comparatively benign publication of private information, messages, or images can have an outsized effect given the importance of brand, celebrity, and professional relationships.
A 2015 whitepaper by NewBay Media reported that 28% of media organizations admit to being the target of a cyber-attack and the volume of attacks will only increase. In this article we’ll look at a few of the major cyber threats that entertainment companies should be taking steps to mitigate.
Insiders Compromising Cyber Security
Protecting creative content from being leaked or viewed without authorization is a major concern for entertainment companies. After investing millions of dollars to produce a film, producers and studios must protect their investment from the many insiders that will have access during the post-production process.
Of course, this means identifying and stopping malicious insiders who are trying to access restricted databases or connect to networks outside of the organization, in order to leak the film or related assets. However, not all “leaks” are malicious. With social engineering techniques such as spear-phishing—wherein an individual with a high access level is targeted or spoofed—lower-level employees can be tricked into breaking procedures and sharing information with an attacker, such as access credentials. With the right credentials, an attacker can easily move across an unsegmented network, looking for administrator computers or easy passwords. Unreleased content or sensitive insider information may only be a few clicks away.
Entertainment companies are often high-profile cultural symbols, especially in the eyes of state-sponsored cyber adversaries. This fact was made clear by the devastating 2014 hack against Sony, which is widely believed to have been perpetrated by North Korea. The Sony hack, which used ‘wiper’ malware to destroy massive amounts of data, also resulted in an alleged 100 terabytes of data being stolen, with much of it leaked publicly.
The stolen data included digital copies of movies that had not yet been released, as well as confidential corporate information including communications, accounting, and strategic documents. The attack brought down Sony’s entire network for weeks, because they had to rebuild it from scratch.
The Sony attack may just mark the beginning of the era of state-sponsored hacking of entertainment companies. In the years since, the Russian and Chinese governments have both been implicated in attacks against European media companies.
In most industries, leaked emails are only newsworthy if they are discussing something illegal. It’s hard to imagine the media getting too worked up about telecom executives gossiping about a colleague. But in Hollywood, that “colleague” might be an A-list celebrity, prompting newspapers and entertainment journals alike to report on the story.
This is what happened to Sony. In addition to leaked movies, leaked emails caused the company a great deal of embarrassment and reputational damage. The public has a voracious interest in celebrities, and the internal emails of a media company offer a voyeuristic look into the normally off-limits working lives of famous people and those that work with them. For magazines, news media and websites like TMZ, it’s a remarkably easy sell.
Not all attacks are about stealing information. Whether they are ‘hacktivists’ reacting to so-called offensive content, cyber-terrorists upset with the portrayal of a religious message, or hackers wanting to show off their skills, some attackers just want to cripple or destroy their target.
In 2015, a group of Russian hackers knocked French TV channel TV5Monde completely off the air. If the outage had lasted much longer, the channel might not have ever recovered. The motivation for the attack is unclear, but it is evident that the intent was destruction, not profit. It takes entertainment companies longer than other companies, on average, to detect a system intrusion, and this incident was no exception. Hackers were in TV5Monde’s system for two-and-a-half months without being detected, giving them time to conduct reconnaissance and design custom malware for the attack.
Implement Effective Incident Management Technologies to Minimize Impact
As noted in this SANS whitepaper, Sony did not properly deploy incident response during the 2014 hack. This lack of preparation is surprising, considering that Sony’s PlayStation gaming division was the victim of another large hack in 2011. Somehow, they failed to apply the lessons learned from that incident and to take corrective action across their operating divisions, however independent they might be.
The entertainment and media industry relies increasingly on digital assets to market, distribute, and produce their creative content and intellectual property. Yet many struggle to implement centralized incident management strategies that can cover the entire incident lifecycle, including SIEM integration, incident response playbooks, threat intelligence enrichment, and forensic case management.
Fortunately, the D3 Incident Management Platform provides major entertainment companies—including Paramount, Viacom, NBC, News Corp, and more—with a platform that can satisfy the needs of their multiple divisions and security operations.