CPS 2021: The ‘Bad Guys’ are Still Out There – And They’re Everywhere

2021 proved to be a difficult year when it came to identifying (and stopping) threat actors, who were out in force and continue to pose a major challenge to media and entertainment and other organizations, according to the Media & Entertainment Information Sharing Analysis Center (ME-ISAC) and compliance/risk advisory firm StoneTurn.

“The big threats are definitely the ransomware groups, the organized crime, financially motivated groups” that have “completely overtaken that market,” Chris Taylor, ME-ISAC director and director of content security at Skydance, said Dec. 16 at the Content Protection Summit (CPS) event, during the session “The Bad Guys Are Everywhere – A Threat Assessment for 2021.”

We find ourselves at a difficult crossroads now as businesses are mandated to manage the evolving risks and rewards of a hybrid work environment. For malicious and increasingly sophisticated digital criminals, this new dynamic has driven their search for vulnerabilities at hyperdrive speed. From common compromise vectors to new and frightening hacks at the uppermost levels of organizations’ infrastructures, digital aggressors are always finding new methodologies with which to escape IT notice and exploit emerging weaknesses.

“When I first started tracking cyber threats about 20 years ago, the ones we were most scared of were the nation state-sponsored groups,” recalled Taylor. “Those guys are still out there. They’re still very, very active. Russia, Iran, North Korea and a few others. China definitely. [They] are very active and are going after targets all over the world, and they’re not limiting themselves to governments.”

We are seeing those groups attack the “civilian sector to steal intellectual property to foster their country’s economy as well,” he explained. “And when they set their sights on you, they’re going to get in. That’s the ‘P’ in Advanced Persistent Threats. They definitely win every engagement that they have because they will just keep punching until they find a hole and then they’ll come in.”

However, those organizations tend to be “very, very targeted and they only go after specific targets that… have something that they’re after,” he pointed out.

Therefore, the “bigger threat [which] accounts for more than 80 percent of the intrusions that happen every single day, are the organized crime groups,” he told attendees. Why? “They’re not targeted. They’re casting a wide net and dragging it across the entire ocean to see how many fish they catch and then, after they’ve pulled everything onto the boat, they look to see if any of it’s worthwhile. And they end up hitting targets that they didn’t even aim for,” he explained.

One example, he pointed out, was last year’s Colonial Pipeline ransomware attack, which had been discussed at CPS three or four times earlier in the day. The hackers “weren’t attacking Colonial Pipeline; they were attacking anyone that was vulnerable and just happened to get them,” he said. The same thing happened to Experian and other companies, he told attendees, noting: “They left a hole in their defenses and this was what got in.”

Chiming in, Nathan Fisher, managing director at StoneTurn, said: “Chris is 100 percent right about that” and, making the problem even more complex, “these criminal organizations have become so capable, so sophisticated.”

These groups “always had the motive in some respects but now they’ve got the means,” moderator Richard Atkinson, Content Delivery & Security Association (CDSA) executive board member and treasurer, pointed out.

Meanwhile, although “nation state actors are not the primary threat we face, a lot of these ransomware groups or criminal organizations either have direct connections in some form to these other nation state threat actors or they’re afforded the freedom to operate without any sort of interference from these host nations” – as long as the nation’s leaders aren’t the ones being targeted, Fisher explained.

These criminal organizations are taking in millions of dollars in revenue and are being run like legitimate businesses, Taylor said, noting that, for example, they are typically located in high-rise office buildings.

“There’s a myth that gets propagated” that many ransomware and other attacks are being perpetrated by “some overweight guy with no social life in his mom’s basement – and that is not where these organized crime groups are coming from,” according to Taylor. These groups are typically large enterprises, and they notify others in the ransomware network when their malware must be modified because an antivirus program has identified it, he noted, adding: “They are doing a better job of supporting their malware than a lot of the vendors that I try to buy legitimate software from. It’s a little depressing.”

Sometimes, an organization will sell access to a particular site they’ve hacked and there is also a “trend that started just a few years ago” in which “ransomware groups are setting up franchises,” Taylor said.

Many organizations are also still afraid to report that they’ve been victimized by one of these attacks, for reasons that include risk to their reputations, Taylor told attendees. They try to “sweep it under the rug,” but that can do more damage than good because it often comes out a few years later that there have been breaches of data, he said.

He and Fisher agreed it’s critical for organizations to share information on ransomware attacks and vulnerabilities.

“Insider threat is a huge problem” as well, and it can be deliberate or accidental, such as when somebody at a company clicks the wrong link, Fisher pointed out.

In response, Taylor quoted a sticker he had seen at a hacker conference: “There’s no patch for human stupidity.”

The Content Protection Summit was open to remote attendees worldwide using MESA’s recently introduced metaverse environment, the Rendez.Vu-powered MESAverse, an interactive 3D-world that allows for hybrid live and virtual events.

The event was produced by MESA, presented by IBM Security and Synamedia, sponsored by Convergent Risks, Richey May Technology Solutions, PacketFabric, archTIS, Code42, INTRUSION, NAGRA, StoneTurn and Vision Media.