In yet another example of politically-motivated cyber crime, French TV network TV5Monde was taken over by attackers claiming to be from Isis last week, leading the French Culture Minister to call for members of the French media to come together and tighten up their security. However, there are also some general security lessons that can be learnt from the attack and applied to any business or individual wanting to make sure they’re keeping themselves safe online.
Attackers claiming to be from Isis plastered threats on all 11 of the network’s channels and their social media between 10pm and 1am last Wednesday evening. The culture minister Fleur Pellerin says the attack is the most sophisticated attack the group has ever carried out, which led her to call media agencies to come together and make sure they are doing enough to protect themselves. The damage will take time to undo completely, and it’s likely the attack took weeks to prepare, as the network claims it has powerful firewalls in place already.
The country’s interior minister says the country has tightened up on cyber security after the Charlie Hebdo attacks; but Pellerin wants to assure herself “of their vulnerable points, any risks that exist and the best way to deal with it”.
Christophe Birkeland, vice-president of engineering at the US-based security firm Blue Coat Systems said: “This is a typical cyber-attack in today’s cyber landscape. The initial infection is probably either someone’s stolen credentials, probably for remote networking access, or the installation of a remote administration tool used to access deeper and deeper levels of the network and attack systems. Both of these attacks typically use social engineering.”
Social engineering, in this context, is where attackers try and manipulate people into giving information or installing malicious things – it works because of human biases, which are sometimes known as “bugs in the human hardware”. Phishing is a common example of social engineering as it asks users to clink on a link to download malicious software or give up personal information.
“Social engineering might be incredibly low-tech sometimes, but once you’ve got the compromise, most security systems are not set up to deal with the idea of someone using security credentials in a non-authorised way, which allows attackers to reach even the deepest, most secure sections of a corporate network, which is likely what has happened here,” said Robert Arandjelovic, also from Blue Coat Systems.
“Typically you have difference phases in an attack like this. The first one would be identifying who has the necessary access to the systems to actually do harm. Infecting just some random computer generally isn’t enough. They go to unprecedented levels and a great deal of effort during the planning phase, researching the targets as apposed [sic] to actually hacking them,” said Birkeland and Arandjelovic.
There are defences that organisations like this might normally use – separating out areas of their networks so that attackers can’t get in and then go wherever they like – but reports suggest that TV5Monde hasn’t been as on it as they could’ve been.
Awkwardly, the station also recently accidentally filmed a shot that had post-its with passwords on them. Other reports have blamed the attack on the station using weak passwords like ‘Qwerty12345’.
“It’s not possible to be 100% bulletproof in today’s cyberthreat landscape,” said Birkeland. “Instead, companies must be prepared for an attack, to detect it and implement systems to limit its impact as quickly as possible.”
Any business – whether you think you’re a target for an international terrorist group or just the everyday hacker looking to steal your data, steal your money, and generally ruin your day(/week/month/year/business) – should be putting precautions in place; and then have processes for when things do go south, which they inevitably will.
So, how do we ensure that we are keeping ourselves safe; essentially, debugging ourselves?
It’s primarily about education. All of this stems from an initial awareness of security and ensuring that you’re bearing it in mind (which the station probably wasn’t if they filmed passwords, and left the passwords on post-its in the first place). So, strong, protected passwords; penetration testing to check and fix vulnerabilities; and ensuring that you’re aware of any special requirements your set-up has (like separating out the broadcasting network from the computer/admin side of your system) is a vital first step. If your team doesn’t have the knowledge or time to make this a priority, then get some security experts in, as there’s really very little else as important as this for your business.
For more information on the security solutions available at UKFast, take a look at our website or give us a call on 0208 045 4945.