Sinclair Broadcast Group Ransomware Attack: How it happened and what this means.
Last week, millions of television viewers were shocked when a nationwide shutdown occurred, targeting local television stations owned by Sinclair Broadcast Group. Sinclair is one of the largest telecommunications conglomerates in the country, owning 294 stations and covering 100 different markets, giving them about 40% coverage of all American households. Sinclair acknowledged the breach last Monday in a statement saying:
“On October 16, 2021, the company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted.”
Shortly after this breach, Sinclair disclosed the full extent of the attack to the SEC. They highlighted that the ransomware disrupted its general and office operations, with nationwide outages and data exfiltration also occurring. Luckily, the company’s response has been swift, implementing their incident-response plan within minutes of being alerted to the breach.
How did we get here?
October has proven to be one of the busiest months for ransomware gangs with major breaches occurring at Twitch and Ferrara Candy just weeks ago. Researchers believe that Sinclair was targeted in this instance due to its reliance on local advertiser revenue. These advertisers promote their products in smaller markets across the country and cannot afford to waste their ad-spend on weeklong outages. By taking away these revenue streams, the threat actors have pushed Sinclair into a corner where they either have to pay the ransom to get operations back online or risk losing more of their advertisers’ investments.
What does this mean?
Following the attack, many of Sinclair’s affiliate stations resumed operations in the middle of the week, with only a handful of minor inconveniences still lingering. Investigators have found that all stations were interconnected through a central Sinclair Active Directory, which essentially allowed the attackers to pivot from station to station within the network.
Another issue that may prove troublesome later on is the extent of the data that was taken. Sinclair disclosed that data exfiltration did occur during the breach but has yet to identify what information was stolen. Security experts have also raised concerns about the entry point these attackers used to gain access to Sinclair’s systems. That foothold could be reused for reentry and further attacks if Sinclair does not properly remediate all known vulnerabilities in its network.
What is the solution?
Ironically, this nationwide increase in breaches falls during Cybersecurity Awareness Month, and organizations have to prioritize security initiatives moving forward. If enterprise-grade companies like Sinclair can be breached, think of the damage that can be caused to smaller organizations with less funding for security. MFA (multi-factor authentication) and manual password resets are a great place to start but are not a cure-all for security problems. More thought needs to be given to the segmentation and mapping of an organization’s network. Lower-tiered users should not hold access that can be exploited to open multiple doors inside a network. This focus on identity and privilege management needs to be brought to the top of security discussions moving forward.
How Can Netizen Help?
Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service” offering, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact