Death By a Click (TV 9 Story)

DEATH BY A CLICK – THE TV 9 STORY

You work for an organization and you get a legitimate-looking email asking you to click on a link to install a critical “IT Update”. What should you do? Decide after reading the following blog.

Let the story of TV 9 Channel unfold.

It happened on March 28, 2021, a Sunday afternoon. Australian Channel 9 TV posted a tweet indicating that it was under cyber-attack. The attack left the network unable to broadcast its popular weekend show “NRL Sunday Footy Show”.

This attack affected the Channel 9 TV network’s ability to “produce its news and current affairs content”. Later, in an article, Channel 9 News described the outage as a sophisticated and calculated attack that fundamentally disrupted how the network delivered and presented news.

Thankfully, Channel 9 had an in-house business continuity plan in place which made it possible to air all predetermined broadcasts while they continued dealing with the situation.

The big question is, what had happened and how did it happen?

Media reports indicated that malware had spread through devices at Channel 9’s Sydney headquarters, affecting data and production systems.

Malware is computer software, such as a virus, that the target does not know about or want and that is designed to damage the targeted computer or computer network.

Media at the time also reported, citing very credible sources, that the attacker(s) had acquired access to the headquarters even before that Sunday. One possibility mentioned was that fake “IT Updates” were sent to users at the headquarters and that the malware was installed when they clicked the link to install an update/repair.

One kind of malware is ransomware. Ransomware attacks the target computer or network and locks down the data and systems on the network until a ransom is paid. The cyber-attack on Channel 9 had all the traits of a ransomware attack.

Ransomware attacks often start with a phishing attack, in which large numbers of emails/messages are sent to users at an organization. Phishing emails are designed to look as if they come from a legitimate source and, to appear more credible, often include seemingly privileged information such as users’ names, departments, etc.

Once installed, ransomware generally encrypts all important data, including important files and even entire systems, leaving them inaccessible to users. Ransomware often targets emails and commonly used file types such as PDF files, spreadsheets, presentations, and/or Word documents.

Very often the attackers have a financial motive, and they typically demand a ransom in exchange for releasing the locked-out data. Once a ransom is paid, they typically release a “key” to unlock the data.

Avoiding a Ransomware Attack

Firstly, it is important to stop such attacks in the first place. To that end, every organization must make sure its network is secure and has no vulnerabilities through which attacker(s) can acquire access to the network, to systems and to users/devices.

Secondly, it is also important to educate staff on the dangers of clicking on links without first making sure they come from a genuine source.

Thirdly, it is important to have an in-house business continuity plan in place.

In case of an attack, the in-house continuity plan needs to be initiated, backups need to be retrieved, and the specific vulnerabilities need to be identified and fixed/repaired immediately.
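
The check described in the second point, confirming that an “IT Update” message and its link really come from a genuine source, can also be run automatically on incoming mail. The following Python is an added example, not code from the original post; the organization domain, the approved update host and the sample message are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "example.org"                    # assumption: the organization's mail domain
TRUSTED_LINK_HOSTS = {"updates.example.org"}  # assumption: approved IT update hosts

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def review_email(raw):
    """Return the reasons a message claiming to be an IT update should not be trusted."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if not sender.endswith("@" + ORG_DOMAIN):
        reasons.append(f"sender {sender!r} is outside {ORG_DOMAIN}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        host = host_of(href)
        if host not in TRUSTED_LINK_HOSTS:
            reasons.append(f"link host {host!r} is not an approved update host")
        shown = host_of(text) if "://" in text else ""  # link text that is itself a URL
        if shown and shown != host:
            reasons.append(f"link text shows {shown!r} but points to {host!r}")
    return reasons

# Constructed sample: a fake "IT Update" whose link text hides the real target.
SAMPLE = ("From: IT Support <it-support@examp1e-helpdesk.test>\n"
          "Subject: Critical IT Update\nContent-Type: text/html\n\n"
          '<a href="http://examp1e-helpdesk.test/patch">https://updates.example.org/patch</a>\n')
```

Calling `review_email(SAMPLE)` returns three reasons: the outside sender, the unapproved link host, and the mismatch between the displayed and the real link target. A message from the organization's own domain that links only to the approved host returns an empty list.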
