News Insights: Ransomware attack knocks some Sinclair television stations off the air

Ransomware attack knocks some Sinclair television stations off the air

The company says hackers targeted several of its servers and workstations, and took unspecified data.

News Insights:

John Shier, senior security advisor at Sophos:

“While unfortunate, it is not surprising that a large media company like Sinclair fell victim to such an attack. The attack prevented affiliates from broadcasting local content and news, potentially denying many viewers important and timely information. Continued vigilance remains a key priority for businesses of all sizes and in every industry. The attack has demonstrated, yet again, how disruptive such an attack can be. We’re in the midst of a ransomware crisis, and the epidemic is quickly intensifying with businesses around the globe and across every sector increasingly under attack by ransomware criminals. 32% of media, entertainment and leisure organizations experienced a ransomware attack in 2020, according to Sophos’ 2021 State of Ransomware report. The average ransom paid in this industry is $134,125, with total remediation costs totaling $1.36 million on average. Furthermore, nearly half of organizations in this industry say they haven’t yet been attacked but expect to be in the near future.”

 

Saryu Nayyar, CEO, Gurucul (she/her):

“Sinclair TV seems to be the victim of a ransomware attack, with multiple channels going off the air in an attempt to extort money. Attackers are getting more creative and brazen with their attacks, and this shows that more than enterprise networks and computing infrastructure is at risk. Anyone who has electronic systems exposed to the Internet can face a ransomware attack, demonstrating the need to monitor all systems rather than just computers.”

Doug Britton, CEO, Haystack Solutions:

“An alarming number of US and multinational corporations have inadequate security precautions and are suffering from headline-making cyber-attacks. Without the right personnel in place, even the most sophisticated cyber vendors and security tech won’t be enough. Cyber professionals who understand the organization, the business model, and how data is handled within the company are critical. Corporations need to continue to invest in cybersecurity professionals. Security is a job that is never finished. Having the right in-house team in place is the best defense against constant cyber threats. We have the technology to find this talent even in the tightest labor markets. We need to move quickly and make a sustained commitment to get these folks into the fight or we risk having significant breaches continue.”

Bill Lawrence, CISO, SecurityGate:

“There are a couple of good lessons learned from what we know so far with this ransomware attack: Somehow, the attack didn’t spread to Sinclair’s ‘master control’ broadcast system, so if it was network segmentation or a higher level of protection and care for the ‘crown jewels’, those are good practices to emulate. Also, they lost their internal network, email, phones, along with local broadcasting systems. For your next incident response plan drill, put the participants in separate rooms and forbid the use of company email or phone calls. It would be hard for them to order a pizza together, much less work on business continuity. Out-of-band, encrypted communications, with apps such as ArmorText or Signal, set up and practiced before they are direly needed, can help immensely.”

Ron Bradley, VP, Shared Assessments:

“Why hunt for moose when you have thousands of rabbits running around? The reality of Sinclair TV stations being disrupted is just another example of threat actors taking advantage of soft targets. Generally speaking, you don’t see big banks being held hostage to ransomware attacks because they have taken precautions to secure their perimeter, minimize their blast radius, and control internal lateral movement if a breach were to occur. The sad part of the story is, many small and medium-size businesses (aka bunny rabbits) don’t have the wherewithal, both financially and technologically, to protect their assets. It simply has not been part of their program. This is what makes them a soft target. Recent attacks against critical infrastructure and the food supply bring this looming problem to the forefront. My supposition is this problem will get worse before it gets better. However, this is not all gloom and doom. There are fundamental steps companies can take such as turning on multi-factor authentication, providing security awareness training for users, implementing intrusion detection and prevention tools, and regularly testing their business resiliency plans.”

Garret Grajek, CEO, YouAttest:  

“Penetration of all our key systems, water, energy, transportation and media is a grave concern for western countries. The fact that a major media outlet like Sinclair was affected shows how vulnerable even those with security resources are to cyber-attacks. Sinclair revealed that they conducted an enterprise-wide password reset – which implies they may feel it was a compromised credential that begot the attack. Enterprises need to go beyond just password resets and even 2FA and start understanding the scope and capabilities of all the identities in their enterprises. This means practicing the principle of least privilege to ensure that all accounts, especially when they are compromised, do not have access to resources they do not need access to but could inflict damage if the account falls under control of a malicious party. User accounts are easily stolen and guessed by the hackers, who then conduct lateral movement across the enterprise and privilege escalation to obtain access to valued resources. Enterprises must be aware of the rights granted and triggered when privileges are modified.”