In recent times, the media & entertainment industry has become the prime target for ransomware. Large organizations such as Disney and Sony, as well as A-list celebrities such as Elton John and Lady Gaga, have faced cybersecurity attacks. The complexity and number of these ransomware attacks are growing by the day. A survey by Sophos found that the media & entertainment industry suffered the most, with nearly 60% of organizations reporting a ransomware attack. Most of the attacks are centered around social media, which leads to phishing campaigns and opens the door for malware to enter the network. The cost of remediating such attacks is exorbitant and often linked to the size of the organization. To address this challenge, Wipro has designed a holistic approach to prevent and remediate ransomware attacks through granular assessment of all the security controls.
Multiple actors and security web in media & entertainment industry
The most valuable asset for the media & entertainment industry is content. In a bid to match consumer habits and preferences, media & entertainment companies explore many channels. Among them, mobile and streaming devices are leading the steady growth of digital content. Media & entertainment executives explore several avenues to keep up with the explosion in the digital content market. They collaborate with mid-sized and smaller network owners, studios, and vendors, making the value chain longer.
The other factor is increased usage of social media platforms for outreach and publicity. The always-on social media has posed trust issues and challenges for a long time now. Beyond connection and sharing, social media platforms have become gateways for consuming content in various formats. In a survey by Deloitte, 60% of respondents felt that social media companies are responsible for the content people post on their platforms. The security risk factors in the media & entertainment ecosystem have increased manifold with multiple actors at play. Organizations need to integrate all the links in their chain for an effective cybersecurity strategy.
Cybercriminals have recognized the opportunities that online platforms and multiple actors in the ecosystem represent for the media & entertainment industry. The cost of remediation is effectively based on the market presence and revenue potential of the organization. Today, commodity malware allows hackers to run successful campaigns because it is easier to implement and may not require a Command & Control (C&C) server to execute. It is an easier and more cost-efficient way to extort money, enabling threat actors to operate in enterprise networks through lateral movement, escalation of privileges, exploitation of vulnerabilities, and data exfiltration.
Types of ransomware and attack vectors
Ransomware is malware that encrypts the victim’s files and then demands that a ransom be paid to decrypt them. Leveraging social engineering techniques, such as sending phishing emails with a malicious attachment, an attacker can gain access to the system once the user has opened the attachment. This process downloads the malware’s executable file, installs it, and scans for files on the system to encrypt. Malware can also arrive as a drive-by download, when users browse infected content on a website that looks attractive to them.
Attackers use Bitcoin to receive ransom payments, which allows them to remain anonymous and the transaction to remain untraceable by the authorities. In a typical scenario, no additional action is required by the attacker using any communication channel to retrieve the victim’s files. Certain variants of ransomware do not even require communication to obtain the encryption key for file encryption, as they come packaged with a pre-determined public key.
Security control measures taken by enterprises today
Enterprises today take several steps to mitigate cyber security threats. We underscore here the most prevalent actions taken by media and entertainment companies to thwart such risks.
Wipro’s framework for ransomware attack management
Wipro’s Cybersecurity and Risk Service can help you stay ahead of the threats. We take a holistic view of all the security controls, one that not only prioritizes prevention but also minimizes risk and controls loss.
Ecosystem of Security Controls & Ransomware Attack
Figure 1 depicts the different phases and mechanisms of compromise. Every security control shown in the figure has a significant role in the prevention or propagation of ransomware in the infrastructure, which Wipro has derived based on the MITRE ATT&CK framework. Failure to meet the control efficiency can result in an attack.
Media & entertainment enterprises should adopt a framework that maps their journey - before, during, and after production and release. Timely action can help prevent any ransomware from propagating through the infrastructure and necessitating costly remediation.
Wipro provides a detailed assessment of the maturity of security controls to protect against ransomware. The output shows a heat map of control existence and maturity level, along with priority-based recommendations to fix the gaps. Reach us at cybersecurity.services@wipro.com for more information and a quick discussion on this topic.
Angshuman Chattopadhyay
Infrastructure Security within Cybersecurity and Risk Services, Wipro
Angshuman is the Consulting & Solutions Lead for Infrastructure Security within Cybersecurity and Risk Services at Wipro. He brings extensive experience with over 19 years in IT and cybersecurity across a wide range of global roles.