In recent times, the media & entertainment industry has become the prime target for ransomware. Large organizations such as Disney and Sony, as well as A-list celebrities such as Elton John and Lady Gaga, have faced cybersecurity attacks. The complexity and number of these ransomware attacks are growing by the day. A survey by Sophos found that the media & entertainment industry suffered the most, with nearly 60% of organizations reporting a ransomware attack. Most of the attacks are centered around social media, which leads to phishing campaigns and opens the door for malware to enter the network. The cost of remediating such attacks is exorbitant and often linked to the size of the organization. To address this challenge, Wipro has designed a holistic approach to preventing and remediating ransomware attacks through granular assessment of all security controls.
Multiple actors and security web in media & entertainment industry
The most valuable asset for the media & entertainment industry is content. In a bid to match consumer habits and preferences, media & entertainment companies explore many channels. Among them, mobile and streaming devices are leading the steady growth of digital content. Media & entertainment executives explore several avenues to keep up with the explosion in the digital content market. They collaborate with mid-sized and smaller network owners, studios, and vendors, making the value chain longer.
The other factor is increased usage of social media platforms for outreach and publicity. The always-on social media has posed trust issues and challenges for a long time now. Beyond connection and sharing, social media platforms have become gateways for consuming content in various formats. In a survey by Deloitte, 60% of respondents felt that social media companies are responsible for the content people post on their platforms. The security risk factors in the media & entertainment ecosystem have increased manifold with multiple actors at play. Organizations need to integrate all the links in their chain for an effective cybersecurity strategy.
Cybercriminals have recognized the opportunities that online platforms and the many actors in the ecosystem present in the media & entertainment industry. The cost of remediation is effectively based on the market presence and revenue potential of the organization. Today, commodity malware allows hackers to run successful campaigns, as it is easier to implement and may not require a Command & Control (C&C) server to execute. It offers an easier and more cost-efficient way to extort money, enabling threat actors inside enterprise networks to move laterally, escalate privileges, exploit vulnerabilities, and exfiltrate data.
Types of ransomware and attack vectors
Ransomware is malware that encrypts the victim’s files and then demands a ransom be paid to decrypt them. Leveraging social engineering techniques, such as phishing emails carrying a malicious attachment, an attacker gains access to the system once the user opens the attachment. This downloads the malware’s executable file, installs it, and scans the system for files to encrypt. Drive-by downloads, or users browsing infected content on a website that looks attractive to them, can also deliver the malware.
Attackers demand ransom payment in Bitcoin, which allows them to remain anonymous and keeps the transaction untraceable by the authorities. In a typical scenario, no additional action over any communication channel is required by the attacker to retrieve the victim’s files. Certain variants of ransomware do not even require communication to obtain the encryption key for file encryption, as they come packaged with a pre-determined public key.
Security control measures taken by enterprises today
Enterprises today take several steps to mitigate cyber security threats. We underscore here the most prevalent actions taken by media and entertainment companies to thwart such risks.
- Threat Monitoring
The 24/7 monitoring and analytics of security events to detect anomalies, and triage of incidents leveraging SIEM and threat analytics tools.
- Threat Hunting and Response
Proactive hunting for malware and possible attacks, and alliances to build breach investigation capabilities for handling a crisis. SOAR is used to respond to certain known incidents.
- Threat Intelligence
Leveraging external tools and internal research to identify threats relevant to the organization and the industry, including those targeting brands and people.
- User Awareness
Spread cyber security awareness among users through training programs and attack/phishing simulation tools, and monitor user behavior. Leverage users as the first line of defense against cyber attacks.
- Identity Management
Manage the identity lifecycle for internal and external users, access management, SSO, identity governance processes, and privileged access management.
- Attack Surface
Perform continuous vulnerability scans and map preventive controls to improve security configuration. Define an application security management process and conduct regular penetration testing.
- Strengthen Security Controls
Fortify cloud, data, and infrastructure with network, endpoint, web, and email security controls. Strengthen data encryption tools, Data Loss Prevention (DLP), and data classification systems.
- Security Posture Monitoring
Deploy security compliance monitoring tools across the entire cyber security estate, measure control efficacy, and report on the efficiency of the SOC and security operations.
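The Threat Monitoring and Threat Hunting items above describe detecting ransomware activity in security telemetry without saying what such a detection looks like. The following is an added example, not code from Wipro or from the original page: a heuristic that runs over endpoint file-activity events and flags the behavior described earlier in the ransomware section, a single process rewriting or renaming many files with high-entropy (encrypted-looking) content across several directories in a short window, then dropping a ransom note. It assumes an EDR or file-integrity feed that reports, per event, a timestamp, process name, action, path, and the Shannon entropy of the bytes written; the event lines are constructed sample data, and the process name, thresholds and note keywords are illustrative assumptions.

```python
"""Ransomware-style mass-encryption heuristic over endpoint file telemetry (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed telemetry format: timestamp|process|action|path|entropy (entropy 0-8 of
# the bytes written). Real EDR feeds differ; adapt parse_event() accordingly.
def parse_event(line):
    ts, proc, action, path, entropy = line.strip().split("|")
    return {"ts": datetime.fromisoformat(ts), "process": proc, "action": action,
            "path": path, "entropy": float(entropy)}

# Filenames typical of ransom notes (illustrative list, extend from real cases).
NOTE_KEYWORDS = ("decrypt", "readme", "recover", "how_to")

def detect_mass_encryption(lines, window=timedelta(seconds=60), min_files=20,
                           min_entropy=7.5, min_dirs=2):
    """Return one alert per process whose high-entropy writes/renames within a
    sliding time window reach min_files spread over at least min_dirs directories.
    A single high-entropy write (a zip, a video) never trips this; the burst does."""
    recent = defaultdict(deque)   # process -> deque of (timestamp, directory)
    notes = defaultdict(list)     # process -> ransom-note-like files it wrote
    alerts = {}
    for ev in sorted(map(parse_event, lines), key=lambda e: e["ts"]):
        proc, path = ev["process"], ev["path"]
        directory, _, name = path.rpartition("\\")
        name = name.lower()
        if ev["action"] == "write" and name.endswith(".txt") and any(k in name for k in NOTE_KEYWORDS):
            notes[proc].append(path)          # remember note drops for any process
        if ev["action"] not in ("write", "rename") or ev["entropy"] < min_entropy:
            continue                           # plain-text or read-only activity
        q = recent[proc]
        q.append((ev["ts"], directory))
        while ev["ts"] - q[0][0] > window:     # expire events older than the window
            q.popleft()
        dirs = {d for _, d in q}
        if len(q) >= min_files and len(dirs) >= min_dirs and proc not in alerts:
            alerts[proc] = {"process": proc, "first_seen": q[0][0].isoformat(),
                            "files": len(q), "directories": sorted(dirs)}
    for proc, alert in alerts.items():
        alert["ransom_note"] = notes.get(proc, [])  # corroborating indicator
    return list(alerts.values())

def constructed_events():
    """Constructed sample telemetry (not real data): benign activity, including a
    legitimate high-entropy archive write, followed by a simulated encryption burst."""
    lines = [
        "2024-01-10T09:00:01|winword.exe|write|C:\\Users\\ed\\Docs\\script.docx|4.9",
        "2024-01-10T09:00:05|chrome.exe|write|C:\\Users\\ed\\Downloads\\cast.pdf|7.2",
        "2024-01-10T09:00:09|7z.exe|write|C:\\Users\\ed\\Docs\\archive.7z|7.9",
    ]
    start = datetime(2024, 1, 10, 9, 1, 0)
    for i in range(30):  # hypothetical "updater.exe" renames 30 files in 30 seconds
        folder = ("Docs", "Pictures", "Projects")[i % 3]
        ts = (start + timedelta(seconds=i)).isoformat(timespec="seconds")
        lines.append(f"{ts}|updater.exe|rename|C:\\Users\\ed\\{folder}\\file{i}.mp4.locked|7.97")
    lines.append("2024-01-10T09:01:31|updater.exe|write|C:\\Users\\ed\\Docs\\README_DECRYPT.txt|4.1")
    return lines

if __name__ == "__main__":
    for alert in detect_mass_encryption(constructed_events()):
        print(alert)
```

The thresholds are deliberately conservative: the archive write by 7z.exe is high-entropy but a single file, and the browser download falls below the entropy cutoff, so neither produces an alert, while the burst is flagged on its 20th file, before the note is even written. In a SOC this would be one SIEM rule among several, with the alert enriched by the ransom-note indicator and handed to SOAR for containment of the host.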
Wipro’s framework for ransomware attack management
Wipro’s Cybersecurity and Risk Service can help you stay ahead of the threats. We take a holistic view of all the security controls, prioritizing not only prevention but also minimizing risk and controlling loss.
- If you’re in the middle of a ransomware event
Incident Response – perform triage of the attack to understand the extent of the damage and the spread of the attack. Contain infections and stop further damage while helping to restore your data and operations.
- Measure effectiveness of current security controls and improve them
Ransomware Defense & Recovery Review – assess the impact a ransomware attack could have on your environment and identify gaps and opportunities to bolster your response and recovery procedures: recovering/rebuilding Active Directory, restoring network services, recovering endpoints and applications, and eradicating the threat actor. This is delivered interactively through several discovery workshops and ransomware response scenarios, followed by recommendations to reduce impact and bolster recovery processes.
Cyber Resilience Diagnostic – conduct a technical analysis across all endpoints in your environment to identify a broad set of risks associated with endpoint management/hardening and security hygiene that threat actors leverage to compromise environments and stage ransomware and other malware deployments. The result is a reduced attack surface, achieved by identifying areas of high risk and addressing control gaps.
- If you need help keeping your environment under control
Managed Detection and Response – improve your monitoring and detection outcomes with a partner who dramatically improves your time to detection, the sophistication of your detection, and your 24x7 coverage, and who gives you early warning and mitigation actions before ransomware can take hold.