It’s no surprise that recent surveys highlight ransomware as the top security worry (and highest priority) for CISOs in 2021. Media and Entertainment organizations, including rapidly growing video game development studios, need to be especially concerned. Sophos’ recent State of Ransomware 2020 report noted that the media and entertainment sector was the vertical most targeted by ransomware, with 60% of organizations in the survey experiencing a successful (for the attacker, that is) attack last year.
Content Is King, and That Makes it a Prime Target
It’s no surprise that media, entertainment, and gaming companies are such big targets, given the high value of the intellectual property and revenue-generating content that resides on their networks. In these industries, content truly is king… and cybercriminals want a share of the riches. Criminals active in the ransomware trade carefully choose which systems to target, aiming for those that are most likely to compel their owners to pay up so they can rapidly restore operations. For a production company, the ideal target is the network and files associated with the development of its shows, movies, or music. For an electronic gaming company, it is the code for the next blockbuster title that’s in development. Imagine the impact of theft of this content — the disruption and delay of project development, and the revenue loss should key plot points or game strategies be revealed. These scenarios, as well as potential for leaks of proprietary content to competitors, create compelling reasons for impacted organizations to quickly pay large ransoms.
A case in point is the recently disclosed ransomware attack on media giant Banijay. Banijay is the parent company of more than 120 production companies across over 20 countries, which produce and distribute shows such as Big Brother, Survivor, and the Black Mirror and Peaky Blinders series. Their public notification regarding the attack noted that:
“certain personal data of current and ex-employees may have been compromised, as well as commercially sensitive information.”
While unclear, the term “commercially sensitive information” sends the mind racing about what this might include – perhaps work on movies under development, unreleased episodes of programs (“Psst… how much would you pay to know who won the upcoming season of Survivor?”), and so on. Obviously, the consequences of this sort of content falling into the hands of a criminal organization could be devastating.
The risks extend out to the large network of companies that support media and entertainment organizations, and the creative professionals and stars they work with. For example, media and entertainment law firm Grubman Shire Meiselas & Sacks confirmed that its computer systems were hacked last year, an incident that allegedly resulted in 756 gigabytes of private documents and correspondence being held for ransom. Its clients include Bruce Springsteen, Madonna, Elton John and Lady Gaga.
Legacy Approaches are Failing
BT’s recent “CISOs Under the Spotlight” report included a shocking statistic. In the report, 84% of executives said that their organization had suffered from data theft/loss or a significant network security incident over the past 2 years. Let that sink in for a moment. While the severity of the incidents surely varied, the fact that more than 8 out of 10 businesses surveyed said they had been breached is hugely problematic.
Other data pinpoints where the problem really resides. Gartner research puts the spotlight firmly on email and the web. Specifically, they note that email is involved in 94% of malware delivery, and that phishing is present in 78% of cyber espionage incidents. Email – which leads users to malicious sites via embedded phishing URLs and delivers weaponized files as attachments – is the door that existing security approaches do not adequately secure. Advanced malware, including drive-by zero-day browser exploits like those reported by Google, amazingly realistic copycat phishing sites that pop up and down daily, weaponized web downloads, and email attachments all frequently evade existing network and email security stacks, which is a key reason why so many organizations have been successfully breached.
Once malicious code from websites gets onto a user’s local device via the click of an email link or downloaded attachment, the battle has effectively been lost. From their beachhead on a single device, hackers quickly move laterally within a company’s network, looking for that prized content we discussed earlier. Once they find it, they can exfiltrate copies, and lock down internal systems and files needed to access the information on the network…then everything grinds to a halt.
A Better Way – Isolate all the “Bad Stuff” Away from Your Network
In the situation where malware has evaded a company’s existing security controls, organizations end up depending on end-users to become, in essence, their last “firewall”. They hope that training and good sense will help keep users, and the company, out of trouble. Unfortunately, history has consistently shown that humans are the weakest link of all. In 2021, is the defense strategy of “don’t open suspicious emails” and “don’t download web documents” really the best we can do?
The good news is that there is a better way. It is called Remote Browser Isolation, or RBI for short, and it is a unique approach to securing the use of the web and email that Gartner describes as the single biggest thing an organization can do to improve its web security. For media production organizations looking for a more secure, user-friendly way to comply with the web access security guidelines defined in the MPAA Content Security Best Practice rules (DS-2.0, 2.1, and 2.2), cloud-delivered RBI, which isolates devices and networks from direct access to the Internet, is the perfect solution. RBI brings a completely different level of protection and usability to secure web access – one that is lightyears beyond the kludgy virtualization and terminal services solutions that some organizations have adopted to satisfy MPAA guidelines.
Airgap Your Valuable Content from Web-Delivered Threats
RBI is based on the military concept of “air-gapping” sensitive systems from the internet, and it brings the concept of Zero Trust security to the web. As described in CSO Magazine, RBI is a way to “take the concept of Zero Trust (“trust nothing, always verify”) and apply it to user interactions outside of an organization… ensuring that all of the potentially bad stuff stays isolated on the other side of your network fence.”
RBI moves web browsing activity (whether from the click on the link in an email or a social media stream, or a user browsing the web on their own) away from the endpoint, isolating it in a cloud-based container. Only safe rendering information is streamed to the device, ensuring potentially dangerous web code never makes its way into the browser. Endpoints (and the networks and applications they are attached to) are air-gapped from 100% of the malware hidden on websites, even the most sophisticated zero-day ransomware threats targeting organizations. This approach ensures that endpoints stay completely protected from web-based exploits and malware. Of course, if the endpoint cannot be compromised, then hackers cannot use it as a beachhead from which they can move laterally across networks to compromise systems with valuable production content.
On the email front, organizations using RBI can set policies that effectively eliminate the risk of phishing malware and credential theft from newly created phishing sites. These sites, by their nature, are almost always short lived and “new” to the internet, spun up and down before they can be identified – and blocklisted — as malicious sites.
Ericom Remote Browser Isolation ensures that all as-yet uncategorized websites launched from URLs embedded in emails get rendered in “read-only” mode, thereby preventing users from being tricked into entering their credentials for websites, cloud applications, databases and so on.
Organizations can also choose to prevent users from downloading web documents and email attachments, electing instead to permit them to be viewed only within an isolated environment. Alternatively, they can use Ericom’s integrated Content Disarm and Reconstruction (CDR) capability to scan files for viruses and remove any risky active content, delivering them to users in their native file format or in a safe read-only version.
To Keep Your Media Projects on Track, Make RBI Your Next Security Project
It can be argued that ransomware stakes are higher for companies in the media and entertainment industry than for any other sector. Based on the targets cybercriminals have chosen over the past year, they clearly agree. Predictions are that it will only get worse, and since existing deterrence systems and processes have proven to be ineffective, staying the course is not a viable option. The ability to truly air-gap valuable content without adversely impacting user productivity is the innovation that the industry has been waiting for. Contact Ericom today to learn how you can quickly get RBI security controls in place to protect your organization and align with MPAA Content Security Best Practices.