BACKGROUND:

Sinclair TV just confirmed a widespread data breach of their networks that took down many of their TV channels on Sunday and still continues as of 12pm EST. At first calling it a “technical issue”, stations across their networks resorted to posting news on Facebook, telling viewers they had lost access to their normal news services. Security experts comment below.

Expert Comments

October 19, 2021
Ron Bradley
VP
Shared Assessments

Why hunt for moose when you have thousands of rabbits running around?

The reality of Sinclair TV stations being disrupted is just another example of threat actors taking advantage of soft targets. Generally speaking, you don’t see big banks being held hostage to ransomware attacks because they have taken precautions to secure their perimeter, minimize their blast radius, and control internal lateral movement if a breach were to occur. 

The sad part of the story is, many small and medium-sized businesses (aka bunny rabbits) don’t have the wherewithal, both financially and technologically, to protect their assets. It simply has not been part of their program. This is what makes them a soft target.

Recent attacks against critical infrastructure and the food supply bring this looming problem to the forefront. My supposition is this problem will get worse before it gets better.

However, this is not all gloom and doom. There are fundamental steps companies can take, such as turning on multi-factor authentication, providing security awareness training for users, implementing intrusion detection and prevention tools, and regularly testing their business resiliency plans.

October 19, 2021
Bill Lawrence
CISO
SecurityGate

There are a couple of good lessons learned from what we know so far with this ransomware attack: Somehow, the attack didn’t spread to Sinclair’s ‘master control’ broadcast system, so if it was network segmentation or a higher level of protection and care for the ‘crown jewels’, those are good practices to emulate. Also, they lost their internal network, email, phones, along with local broadcasting systems. 

For your next incident response plan drill, put the participants in separate rooms and forbid the use of company email or phone calls. It would be hard for them to order a pizza together, much less work on business continuity. Out-of-band, encrypted communications, with apps such as ArmorText or Signal, set up and practiced before they are direly needed, can help immensely.

October 19, 2021
Sam Curry
Chief Security Officer
Cybereason

The reports of a ransomware attack on Sinclair broadcasting are a reminder of the resilience and diligence needed by all companies to turn the tables on ransomware attackers. While it is far too early to know the severity of the damage caused by this attack, I guarantee that if broadcasting networks are taken offline, the U.S. government would likely respond against the attackers if their identities are learned. After all, we witnessed a swift and decisive response earlier this year after the Colonial Pipeline and JBS Foods ransomware attacks caused disruptions to gasoline deliveries on the East Coast and nationwide food disruptions.

Also, if we have learned anything from the deluge of ransomware attacks in 2021, the public and private sector need to invest now to ratchet up prevention and detection and improve resilience. We can meet fire with fire. Sure, the threat actors might get in, but so what. We can make that mean nothing. We can slow them down. We can limit what they see. We can ensure fast detection and ejection. We can—in short—make material breaches a thing of the past. So what if they get a toehold on the ramparts? We can keep them out of the castle by planning and being smart ahead of time and setting up the right defences.

Cybereason recommends not paying ransoms, as it doesn't pay to pay unless it is a matter of life and death or national emergency. In fact, Cybereason's ransomware study of more than 1,200 global organizations shows that 80 percent of companies that paid a ransom were hit a second time, often by the same attackers. And in instances where the attackers handed over decryption keys to the victims after a ransom was paid, nearly 50 percent of the time the company's data was corrupted, slowing down the recovery phase even further.

October 19, 2021
Jonathan Knudsen
Senior Security Strategist
Synopsys

As details about the Sinclair Broadcast Group ransomware attack continue to emerge, questions will be asked. Will the ransom be paid? Can organisations recover their data? What kind of damage will this cause? The only question that matters is: how can a problem like this be prevented? The reason ransomware is so successful is that so few organisations are properly prepared. Organisations often focus solely on functionality when selecting, deploying, and operating software. They work hard to make software do what they want it to do, but security and robustness are often neglected or ignored. To prevent accidental or malicious disruptions, organisations must adopt a proactive, security-first approach to software. Where is your data? How is it protected? If something bad happens, like a ransomware attack or a tsunami, how will you recover? Software is a powerful tool for organisations of all kinds, but it must be selected, deployed, operated, and maintained inside a framework of security and resilience.

October 19, 2021
Tim Erlin
VP of Product Management and Strategy
Tripwire

No one wants to be the victim of a ransomware attack. Being prepared involves more than having backups.

A ransomware incident tests multiple facets of a cybersecurity program. Investigation into how the ransomware infiltrated and moved within the organizations identifies preventive controls that were insufficient. The operational impact highlights how data and assets are critical to the business. The response fully tests the incident response and communications process. Learning from other organizations can help reduce the probability and impact of a ransomware incident in your business.

October 19, 2021
Tony Cole
CTO
Attivo Networks

Ransomware is a fast and lucrative method of attack. It’s not that difficult for cybercriminals to masquerade as a legitimate user using the credentials they stole from the initial incursion. With that user’s credentials, they conduct queries to find targets in the enterprise Active Directory system, steal more credentials with elevated privileges, and rinse and repeat until they have gained access to their target. Then, in the case of Sinclair Broadcast Group, they can steal corporate data, encrypt systems, gain control over security settings, and begin the hostage process for a ransom.

To counter these challenges, organizations must understand that they can’t prevent all attacks. They must put in place systems that detect in-network lateral movement and credential misuse, look for privilege escalation, and protect identity management systems such as Active Directory. Without this visibility, we will continue to read about these large successful ransomware attacks for the foreseeable future.

October 19, 2021
Garret F. Grajek
CEO
YouAttest

Penetration of all our key systems, water, energy, transportation and media, is a grave concern for western countries. The fact that a major media outlet like Sinclair was affected shows how vulnerable even those with security resources are to cyber-attacks. Sinclair revealed that they conducted an enterprise-wide password reset - which implies they may feel it was a compromised credential that begat the attack.

Enterprises need to go beyond just password resets and even 2FA and start understanding the scope and capabilities of all the identities in their enterprises. This means practicing the principle of least privilege to ensure that all accounts, especially when they are compromised, do not have access to resources they do not need access to but could inflict damage if the account falls under the control of a malicious party. User accounts are easily stolen and guessed by the hackers, who then conduct lateral movement across the enterprise and privilege escalation to obtain access to valued resources. Enterprises must be aware of the rights granted and triggered when privileges are modified.

October 19, 2021
Doug Britton
CEO
Haystack Solutions

An alarming number of US and multinational corporations have inadequate security precautions and are suffering from headline-making cyber-attacks. Without the right personnel in place, even the most sophisticated cyber vendors and security tech won't be enough. Cyber professionals who understand the organization, the business model, and how data is handled within the company are critical.

Corporations need to continue to invest in cybersecurity professionals. Security is a job that is never finished. Having the right in-house team in place is the best defense against constant cyber threats. We have the technology to find this talent even in the tightest labor markets. We need to move quickly and make a sustained commitment to get these folks into the fight or we risk having significant breaches continue.

October 19, 2021
Saryu Nayyar
CEO
Gurucul

Sinclair TV seems to be the victim of a ransomware attack, with multiple channels going off the air in an attempt to extort money. Attackers are getting more creative and brazen with their attacks, and this shows that more than enterprise networks and computing infrastructure is at risk. Anyone who has electronic systems exposed to the Internet can face a ransomware attack, demonstrating the need to monitor all systems rather than just computers.
