The cost of the Nine cyber attack could top $1million
March 29, 2021 |
For the proverbial 15 minutes cyber attacks are now the focus of Australian media in light of the cyber attack that laid low Channel Nine in Sydney on Sunday. Perhaps a slight exaggeration. But data security issues are dealt with quite superficially in the main.
The Australian reports that the Nine cyber attack could cost $1million in remediation costs. The cyber attack was a ransomware attack without the ransom. That is the malicious software encrypted files but the attackers did not demand payment, the ransom, in exchange for the decryption key.
I never cease to be amazed how the reporting of insights from experts on how the data breach may have occurred, the problems with data security and the need to improve has such a breathless quality. It is as if it has been discovered for the first time. I have been posting on this and other cyber security and privacy issues for more than a decade.
But now cyber security is a hot topic the Australian reports on another cyber attack, this time on Taylor wines. As usual the details of the attack are vague to the point of meaningless. That is unfortunate as some more detail can educate the market.
But, to belabour the point, there needs to be proper regulation and enforcement of those regulations to improve cyber security standards and compliance. That means malefactors face consequences in court. Without some high profile litigation or prosecutions businesses will not put the time and effort into ensuring they maintain effective privacy and data security protections.
The Australian article provides:
The ransomware attack on Nine could cost the company more than a million dollars, depending on how long the outage lasts and if Nine is being asked to pay a ransom, cybersecurity experts say.
And with no “Cyber Avengers” ready to swing to their defence, companies must be better prepared to defend against attacks, they say.
The cyber attack, which is thought to be the work of a nation state such as Russia or China, began Saturday night with employees losing access to email. By Sunday morning Nine’s live broadcasts were disrupted and viewers were shown prerecorded shows, while the paywalls of The Sydney Morning Herald, The Age and the The Australian Financial Review were all taken down. Journalists were also unable to upload their stories.
It’s understood all employees were asked to perform security checks of their devices on Monday morning before starting work, with unknown files appearing on some employees’ desktops.
The chief executive of Canberra-based cyber security provider ArchTIS Daniel Lai said the attack would likely cost the network at least a few hundred thousand dollars and likely more than a million, and the cost of recovery will be immense for the company.
“Now they will need to go back and clean the systems if they can, there’s going to be a huge data recovery exercise and a whole process of investigation or forensics that will go with it,” Mr Lai told The Australian.
“Then there’s obviously the cost of doing all of that the movement of their operations from Sydney to Melbourne, to continue to operate. All of these are enormous costs.”
The executive said Australia’s current cyber security strategy is falling short of the current needs as cyber-attacks continue to play out daily.
“It seems to me that the current cybersecurity strategy that the government‘s put out is not addressing the current issue,” he said.
“There‘s a lot of legislation that needs to be addressed this issue, and effectively put in place.
“There‘s a number of Australian companies out there today which consists in these things, and they’re not being leveraged by the current policy.
“We don‘t know how the ransomware attack was executed, but it the potential vulnerability of moving people in and out of working from home could mean that there was less protection on some of those endpoints.”
Mr Lai said that the situation is going to require constant management by Nine to prevent another attack.
He said that the number ransomware attacks has grown significantly, as attackers have the ability to easily work out how much a business can afford to pay and how much its data is worth.
“It can happen from anywhere from a chemist to a local accounting practice, all the way up to an organisation such as Nine which is a sophisticated, well-run enterprise,” Mr Lai said.
“It‘s quite an effective mechanism of generating income, because it’s often cheaper to pay the ransom than it is to have a backup system in place and the right level of security. Most people don’t know what the right level of security is.”
Nine Entertainment has been the target of a major cyber-attack which left the channel unable to broadcast some of its most popular weekend shows. Staff have been ordered to work from home until further notice due to disruptions which extended beyond its broadcast media operations. Staff from The Sydney Morning Herald, The Age and The Australian Financial Review have been advised not to connect to the company’s computer network. The company released a statement which read “a cyber-attack on our systems has disrupted live broadcasts, however, we have put processes in place to ensure we’re able to resume our normal broadcast schedule.”
He added that for a business, whether it be a large media company or a small enterprise, cyber security insurance isn‘t necessarily going to protect against a ransomware attack.
“Once you‘ve got been held hostage, you’re thinking very differently about the situation than just saying oh well I’ve got insurance. It’s a question of whether or not you’re going to go out of business.”
Jacqueline Jayne, Security Awareness Advocate at Knowbe4, said there was a high chance the attack was perpetrated via a phishing email, and was likely the work of a nation state actor such as China, Russia or North Korea.
“The cybercriminals sent out malicious emails to Nine employees. These emails are known as phishing emails and are designed to prompt the reader to act without thinking,” she said.
“Someone has clicked on a link to a document or opened an attachment or entered their login details into a fake web site. These unintentional actions result in malicious software being deployed. In this instance, it’s called ransomware. Once deployed onto a system, the user might see a message up on their screen that lets them know their data, system, files, etc. have been locked and the only way they will be unlocked is if a ransom is paid.
“Sometimes however no ransom is demanded as it all comes down to the intent of the attack itself. Major disruption can be the endgame or extortion is also an option.”
Ms Jayne said that if the attack wasn’t conducted through a phishing email, it might have been via RDP (Remote Desktop Protocol).
“RDP is software that allows one computer to interface with another – like when your IT person can access your computer from a different location. There has been a big jump in this form of cyberattack as the majority of us moved to remote work in 2020,” she said.
“Unfortunately, there are no ‘Cyber Avengers’ ready to assemble. We must look at prevention and reducing our cyber risk by using our biggest asset – people. By turning people into a strong human firewall with new-school security awareness training and enable your users to make smart security decisions every day.”
Edith Cowan University Associate Professor Paul Haskell-Dowland said that addressing incidents such as the Nine attack requires a careful approach.
“Limiting the spread is important, and identifying the infection vector and preventing further outbreaks is the first step,” he said.
“Most major countries have offensive cyber capabilities. It is certainly feasible that Russia has the technical capability to deliver the attack.”