New Meaning of “Hacking your TV”
April 2015 by KuppingerCole
Last week the French television network TV5Monde was attacked by a group of hackers claiming to belong to Islamic State. They disrupted broadcasts and hacked the websites and social media accounts of the French TV channel.
According to Alexei Balaganski, Senior Analyst at the independent analyst company KuppingerCole, this only confirms that the struggle between hackers and corporate security teams is fundamentally asymmetrical. “Regardless of its size and budgets, no company is safe from such attacks simply because a security team has to cover all possible attack methods, and a hacker needs just one to succeed”.
“The first thing that attracted my attention was a statement from the network’s director Yves Bigot. He explained that they are trying to analyze what happened and how this very powerful cyber-attack could happen when they have extremely powerful and certified firewalls”. Analyzing and attributing a cyber-attack is a very difficult and time-consuming process, but according to the Senior Analyst, it is immediately clear that it has nothing to do with firewalls. “The technical details of the attack are still quite sparse, but according to a French-language publication, the hackers utilized a piece of malware written in Visual Basic to carry out their attack. In fact, it’s a variation of a known malware that is detected by many antivirus products and its most probable delivery vector could be an unpatched Java vulnerability or even an infected email message”, explains Balaganski. “This means that the only people to blame for the catastrophic results of the hack are TV5Monde’s own employees”.
Alexei Balaganski also believes that the other security practices of TV5Monde could be equally ineffective: “For example, the fact that all their social media accounts were compromised simultaneously could indicate that the same credentials were used for all of them, and complete disruption of their TV service is a clear indication that their broadcasting infrastructure simply wasn’t properly isolated from their corporate network”.
For companies to protect themselves from such attacks, KuppingerCole advises consideration of the following facts:
• The days of perimeter security are over.
• The number of possible attack vectors on corporate infrastructure and data has increased dramatically, and the most critical ones exploit normal traffic to work from within the network.
• Combined with much stricter compliance regulations, there can be dramatic financial and legal consequences from not having a solid information security strategy.
An overview of the top security mistakes with potentially grave consequences, as well as the top cyber threats and possible countermeasures, was recently published in KuppingerCole’s Leadership Brief: 10 Security Mistakes That Every CISO Must Avoid and in the Advisory Note: Top Cyber Threats, which can be downloaded from the KuppingerCole website.