Media and Entertainment

(0) attackers < Back

Understanding the cyber threat:

In December 2015, the online video gaming distribution platform Steam revealed that 77,000 of its gamer accounts were hacked every month. Steam has leveraged the increased digitalization of the industry to establish itself as a key player. This very digitalization appears as a reason for the growing interest of cyber attackers towards the media and entertainment sector, which has been characterized by a constant underappreciation of cyber risks. The multiple companies affecetd by attacks and the growing concern with regards to the security of Iot devices did not help move the needle and companies in the sector continue to suffer from IP theft andreputation damage.

On November 24, 2014, Sony’s employees realized their corporate network had been hacked by a group calling itself The Guardians of Peace. The threatening message displayed on their computers (figure 1) reports the possession of sensitive internal information. A few days later, torrent links of unreleased Sony’s movies and confidential information about employees are leaked. This attack, supposedly operated by a North Korean group stands out as a landmark for the media and entertainment industry, alerting the sector about the risks of neglecting cybersecurity.

Copyrighted material is an important resource in the media and entertainment industry. Many cybercriminals have realized the value of these assets and have started to target this industry in a double threat strategy. Not only does data encryption put pressure on companies, but the exfiltration of such information and the threat of its release serves as an additional blackmail technique. Indeed, the pre-release of copyrighted content is a major financial and reputational risk that a media company cannot afford to take. This logic is leveraged by cyber attackers specifically targeting the sector. The average cost related to data breach for the entertainment industry stands at $4.8 millions.

Third-party compromise is a classic tactic that is particularly applicable to the industry as media production models are built on a decentralized supply chain. Film directors, for example, delegate specific tasks such as editing, stunts, or art design to subcontractors, thus multiplying the entry points for an agile attacker. The leak of several episodes of Netflix’s series Orange is The New Black in April 2017 exemplifies this tendency as the hack originated from the compromise of a third-party entrepreneur working for the show.

High visibility as well as valuable assets that can be leveraged are enough to prompt different players to express an interest in the sector. First, the airing of audiovisual content may spark political controversies. 2014’s Sony Hack is widely believed to be the work of a North Korean APT group responding to Sony’s release of “The Interview”, a comedy movie staging the assassination of the north Korean leader Kim Jong-un. State-sponsored gangs may also target the industry in a larger effort to destabilize a political adversary and excert influence. This motive is exemplified by the hack of TV5 Monde in April 2015. Hacktimism is another reason for the targeting of this sector. Indeed, individuals or groups of individuals may try to retrieve email correspondence or personal information belonging to celebrities in order to generate buzz. The most crucial threat to the sector remains financially motivated actors.

The ecosystem is dominated by double-extortion schemes (encryption and leaks of Intellectual property (IP)), and facilitated by the decentralization of the model and the intrinsic vulnerabilities of companies working in the media and entertainment sector.