Malicious Attacks Abound: Broadcasters facing unprecedented cyberattacks adopting threat-based risk management
By Shaun Lim
While the way content is being consumed has evolved, and continues to evolve, beyond just the TV set, the traditional definition of a broadcaster remains that of an organisation transmitting programmes over the airwaves. How mortifying, then, is the thought of a broadcaster unable to carry out the most basic function of delivering content to its audiences?
Unfortunately, that was exactly what happened to Australia’s Nine Network in March, when the largest cyberattack on a media company in Australia’s history brought the network’s news production systems to a standstill for more than 24 hours, causing several shows to go completely off-air.
Worryingly, this was not the first cyberattack on a major broadcaster, and is unlikely to be the last; certainly not in the climate that many organisations find themselves operating in today. Even as intrepid organisations are finding ways to overcome the uncertainty brought about by the COVID-19 pandemic, less-than-desirable individuals are exploiting the pandemic in more nefarious ways.
Consider this statistic from Interpol: Between January and April 2020, some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19 – were detected by one of Interpol’s private sector partners.
Interpol also observed a “significant target shift” from individuals and small businesses to major corporations, governments and critical infrastructures as the pandemic wreaks havoc around the world. With organisations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruptions.
Jürgen Stock, Secretary-General of Interpol, said, “Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.”
Broadcast companies are attractive targets for cyberattacks
While Interpol’s assessment is perhaps representative of a far-reaching range of industries and sectors, there are clear reasons why broadcast and media companies are attractive targets for cybercriminals.
A prominent attack on a national broadcaster creates the widespread attention that cyber attackers crave, and may also attract like-minded individuals to join their cause. With content being arguably the lifeblood of broadcasters, any attack, politically motivated or otherwise, can have equally dire consequences.
One of the most high-profile cyberattacks on a broadcast organisation happened in April 2015, when an attack on TV5Monde saw a dozen channels taken off-air, with the French broadcaster’s Director-General Yves Bigot claiming the attack nearly led to the “total destruction” of its systems.
Less malicious, but equally damaging, was the leak of an unreleased episode of Game of Thrones ahead of its TV debut in 2017. HBO later confirmed that the network sustained a security breach, in which hackers reportedly stole 1.5 terabytes of data from its US servers.
Despite these high-profile incidents, broadcasters are still falling prey to common cybersecurity vulnerabilities as some struggle to adjust to the migration away from traditional dedicated systems to generic infrastructures based on the IP protocol, cautioned the European Broadcasting Union (EBU).
In a report published in early 2020, the EBU said that “broadcasters are now exposed to general cybersecurity vulnerabilities that had long been known about, and in many cases addressed within general enterprise data centres, in addition to traditional media threats such as revenue theft and video piracy.”
At a time when more and more broadcast functions are being managed across IT and connected networks, it is clear that broadcasters and media companies need to do more to protect broadcast systems and key network infrastructures against increasingly sophisticated cyberattacks.
Ransomware attacks on the rise
In June of this year, ABC affiliates WFTV in Orlando, Florida, and WSCO in Charlotte, North Carolina, as well as NBC affiliate WPXI in Pittsburgh, all of which are owned by the Cox Media Group, went completely offline in a coordinated ransomware attack on the parent company.
Ransomware, a type of malware from cryptovirology that threatens to publish the victim’s personal data or perpetually block access to it unless a ransom is paid, is on the rise, not only in the US, but also in Asia.
In July 2021, the Cyber Security Agency of Singapore (CSA) released its annual report detailing Singapore’s cyber landscape, and it made for grim reading: 89 ransomware cases were reported in 2020, a staggering 154% increase from the 35 cases reported in the previous year.
CSA said: “Based on the reported ransomware cases, these local incidents were likely related to, and a consequence of, the global ransomware outbreak.
“The pervasiveness of ransomware was never more pronounced than in 2020, as ransomware cartels innovated their tactics at an accelerating pace to ride on the pandemic wave.”
Singapore telco Singtel, for instance, was hit by a ransomware attack in February this year, which saw the personal data of some 129,000 Singtel customers stolen after a third-party file-sharing system was breached.
Asia steps up to combat cyberattacks
To better manage cybersecurity risks in Singapore’s Critical Information Infrastructure (CII), Singapore launched a new initiative in March, which aims to help organisations establish best practices to better manage cybersecurity risks across their supply chains, including vendors that support their operations.
Under the new CII Supply Chain Programme, all CII owners – comprising 11 sectors responsible for the delivery of essential services in Singapore – will provide recommended processes and sound practices for all stakeholders to manage cybersecurity risks in the supply chain.
As the national media network providing an essential service, Mediacorp is a designated CII organisation in Singapore, thus subject to regulations under the Broadcasting Act and Cybersecurity Act.
These, said Tzer Yeu Pang, Head, Information Security Office, Mediacorp, are necessary to safeguard the security and integrity of Mediacorp’s information systems, at a time when cybersecurity threats continue to grow globally.
He told APB+, “As a CII owner, Mediacorp works closely with the Infocomm Media Development Authority and Cyber Security Agency of Singapore on comprehensive measures to safeguard our systems and broadcasting operations.
“Mediacorp’s broadcast infrastructure is securely architected and is designed to be separate from the Internet and enterprise IT networks.”
In the midst of the ongoing pandemic, due consideration must also be given to employees who need to work on broadcast-related functions remotely. Describing this group of employees as “a minority”, Tzer said, “We provide each of them with a separate laptop that is used solely for connecting to the Internet and company network.
“We also regularly conduct training and exercises to enhance employees’ level of knowledge, alertness and responsiveness.”
Adopting a threat-based approach to risk management
With remote working likely to continue for the foreseeable future, Tzer also conceded that it is a near impossibility for cyberattacks to be entirely avoided. This, in turn, has prompted Mediacorp to adopt a threat-based approach to risk management, which involves identifying the attack vectors through which key assets can be stolen or disrupted.
“From this, we then apply the relevant policies in tandem with appropriate physical and technical control measures to mitigate the risks. These measures are checked and tested regularly to ensure effectiveness,” he asserted.
Over in neighbouring Malaysia, Media Prima has, for many years, held ISO 27001 Information Security Management Systems (ISMS) certification, arising from the government’s insistence that all critical services in the country, including broadcasting, be certified.
Dr Ahmad Zaki, Director, Technical Operations, TV Network, Media Prima, said, “Besides ISMS demanding high levels of security and procedures to be put in place to ensure data security, we have also invested heavily to install various firewalls and security devices to ensure data safety and integrity in our IT services.”
For Good TV, a satellite TV platform in Thailand owned by the Next Step Company (NSC), content represents the heartbeat of the company, said Amornphat Chomrat, Managing Director, NSC. To mitigate the effects of any potential cyberattacks, NSC’s main network content is uploaded and stored on a secured cloud network, in addition to being backed up on an offline hard disk drive.
NSC’s broadcast and satellite uplink facilities are also co-located with those of NT Telecom, said Chomrat. He explained, “We have a dedicated leased line network link between our office and uplink facilities to securely deliver content and maintain the system remotely.
“We have done remote maintenance before the pandemic, so we do not have any problem with doing work remotely with our remote facilities.”
Question: Malicious cyberattacks, while leading to blank screens and leaving broadcasters gasping for air, will not be the death knell, but will they strengthen management’s resolve to take a more proactive threat-based approach to attacks on TV networks? Why, what and how can governments and broadcast unions/associations come together to mitigate the surge in such cyberattacks?