Connect with us


Hackers are forcing Hollywood to reevaluate its cybersecurity



(Bloomberg) — Sony. Netflix. And now, HBO.

While the 2014 hacking at Sony Pictures pushed entertainment giants to take computer security more seriously, recent incidents have exposed weaknesses throughout Hollywood’s food chain. Last week, as HBO investigated a cyberattack on its own systems, an unaired episode of its hit show “Game of Thrones” appeared online following an unrelated breach at a pay-TV partner in India. In April, when 10 episodes of Netflix Inc.’s “Orange Is the New Black” leaked, the incident was traced to a contractor.

Cybercrime is a growing problem for many industries, but Hollywood is especially vulnerable because of the long chain of people who work on a show or movie in post-production, experts say. Studios rely on an army of freelancers for everything from special effects to musical scores, creating a vast network of targets for hackers. Bringing those workers in-house is an option but would be expensive and could limit the talent studios can tap.

“Hollywood will have to recognize this will continue to grow and be an issue,” said Mike Orosz, who studies cyber risk as research director at the University of Southern California’s Information Sciences Institute.

HBO requires employees to have two-factor authentication and strong passwords for their computers. They also undergo security awareness training. But the company works with many post-production freelancers that handle sensitive information on personal email accounts and personal devices, raising security concerns, according to a former employee who asked not to be identified discussing an internal matter.

“Once the content is out of your hands, it’s truly out of your hands,” Orosz said. “The security of the third-party vendor is what you’re relying on.”

 HBO is still investigating how hackers broke into its computer system. They stole episodes of Larry David’s “Curb Your Enthusiasm” and “Ballers,” a person familiar with the matter said at the time. They also stole an executive’s emails and a summary of an unaired episode of “Game of Thrones,” according to Variety.

After receiving a ransom demand, an HBO executive emailed the hacker on July 27 offering $250,000 as payment for finding a security flaw, according to a copy of the message obtained by Bloomberg. HBO asked the hacker to extend the deadline for a week while the company arranged a payment in bitcoin. That was a stalling effort, according to a person with knowledge of the matter. Variety reported on the email earlier.

The hackers don’t appear to have breached the company’s entire email system, Chief Executive Officer Richard Plepler told staff last week. The network, owned by Time Warner Inc., declined to make any additional comment.

For Hollywood, hackers are threatening both reputations and businesses. A stolen movie that appears online before appearing in theaters loses 19 percent of its box-office revenue on average compared with films that are pirated after they’re released, according to a study by professors at University of Maryland and Carnegie Mellon University. People may not be willing to subscribe to Netflix or HBO if they can watch their favorite shows and movies online for free.

Ransom demands

What’s more, the wave of attacks is forcing media executives to confront a thorny question: Should they pay ransoms to hackers to get their content back?

The FBI says that’s always a bad idea.

“We believe it perpetuates the crime in general,” FBI spokeswoman Laura Eimiller said.

There’s also no guarantee paying the ransom will work. In April, Netflix refused to pay a hacker who stole unreleased episodes of “Orange Is the New Black.” Larson Studios, which worked with Netflix, told Variety it paid the ransom, about $50,000, in bitcoin. The hacker, who went by the name TheDarkOverlord, dumped the stolen episodes online anyway.

Larson Studios didn’t respond to a request for comment, while a Netflix official said only that the company is “constantly working to improve our security.”

In another high profile case this year, hackers threatened to leak a stolen copy of Disney’s new “Pirates of the Caribbean” if the company didn’t pay a ransom. The company refused, and Chief Executive Officer Bob Iger said later he believed it was all a hoax.

Even so, with millions of dollars at stake, some companies may decide paying is the best option, said Gary Davis, chief consumer security evangelist at the security firm McAfee Inc.

“If they got access to something like ‘Game of Thrones’ and I can pay them a couple million dollars to get that back, there’s probably a good use case,” he said.

The Sony attack, which embarrassed studio executives after private emails were made public, was linked by the FBI to North Korea, which allegedly was retaliating for “The Interview,” a film about a fictional plot to assassinate leader Kim Jong Un. Some studios have reportedly removed Russian President Vladimir Putin as a character in films because they’re concerned they’ll suffer a similar fate.

Sony has learned from that attack. Michael Lynton, former chief executive officer of Sony Entertainment, started transferring emails off his computer every 10 days.

“To me, that’s the solution,” Lynton said at event hosted by Lerer Hippeau Ventures in May. “Put it in a drawer and lock the drawer.”

This post was originally published by Bloomberg | Quint

Technology News on Bloomberg | Quint



Okta teams up with ServiceNow to bring identity layer to breach containment



Okta and fellow cloud company ServiceNow got together to build an app that helps ServiceNow customers using their security operations tools find security issues related to identity and take action immediately.

The company launched the Okta Identity Cloud for Security Operations app today. It’s available in the ServiceNow app store and has been designed for customers who are using both toolsets. When a customer downloads and installs the app, it adds a layer of identity information inside the ServiceNow security operations interface, giving the operations team access to information about who specifically is involved with a security problem without having to exit their tool to find the information.

Okta is a cloud identity management company, while ServiceNow is a cloud service management company. ServiceNow approached Okta about this integration because research has shown that that vast majority of breaches are related to compromised user credentials. The sooner the security operations team can track down the source of those credentials, the sooner they can begin resolving situation.

The way it works is a company detects a breach through the ServiceNow security tool. Instead of searching logs and and taking days or weeks to find the source of the breach, security operations can see the problem user directly in the ServiceNow interface.

With that information, they can decide immediately how to mitigate the issue. That could involve forcing the person to log out of all their applications and logging back in with new credentials and two-factor identification, suspending the user for 24 hours or a number of other actions at the discretion of the security personnel.

Okta identity tools in the ServiceNow interface. Screenshot: ServiceNow

The combination of the two products results in a better solution for customers who are using both tools anyway, says Okta COO and co-founder Frederic Kerrest. “It reduces incident triage, improves risk scoring and accelerates containment,” he explained.

The integration takes advantage of the Okta Advanced Integration Network and involves a set of APIs for for inserting Okta functionality inside of other applications. Among the other companies Okta is working with on this kind of integration is Palo Alto Networks.

This is not the first time the two companies have worked together, says Kerrest. There have been a couple of other cases where ServiceNow has used Okta as the default identity management solution in their products.
Featured Image: nicescene/Getty Images Readmore

Continue Reading


Anomali secures $40 million Series D led by Lumia Capital to scale threat detection solution



Anomali, a threat detection and mitigation company, announced a hefty $40 million Series D investment today led by Lumia Capital. The company was previously known as ThreatStream.

New investors Deutsche Telekom Capital Partners (DTCP), Telstra and Sozo Ventures along with returning investors GV, General Catalyst, IVP and Paladin Capital Group also participated in the round.

The company would not discuss the current valuation for the deal, which CEO Hugh Njemanze says closed last week. Anomali has now raised a total of $96 million.

While it changed its name from ThreatStream, that name still lives in the form of a product that uses various free and commercial sources to track known threats. Using that information, ThreatStream can monitor and detect breaches.

Meanwhile Anomali, a product the company developed in 2016 goes a step further. Once a company becomes aware of a known threat, it can scan your networks and see if you have been breached. “Upon discovery of a new breach type, Anomali can determine in real time if the network has already been attacked,” Njemanze explained. If the company is clean, they see a big green check mark in the dashboard. If not, they help them mitigate and build a defense against the breach.

The company plans to focus on international expansion with the new influx of cash, specifically taking aim at Europe, The Middle East and Asia Pacific regions.

In addition to the funding, Anomali also announced two new finance executives with Christopher Smith as Chief Revenue Officer and Drew Hamer as Chief Financial Officer. This could be a sign of a maturing company, preparing for the next steps in its evolution.

Anomali, which launched in 2013, currently has around 200 employees and 300 large enterprises subscribing customers including a large percentage of the Fortune 100, according to Njemanze. Named customers include Alaska Airlines, Bank of England and Citigroup.
Featured Image: Hywards/Getty Images Readmore

Continue Reading


Cloudflare Access aims to replace corporate VPNs



If you’re part of a reasonably big company, chances are there are certain resources that are only available via the intranet, internal network, or whatever your company calls it. A common way to access these from outside company property is a VPN, but VPNs are rather a clumsy solution — one companies like Google and Amazon are leaving behind. Now (Battlefield alumni) Cloudflare wants you to do the same and use its new Access service instead.

The basic idea of a VPN is that instead of sending your network traffic directly to the website or service you’re trying to contact, be it Netflix or the company intranet, you send it to a trusted server. That server sends those packets on their way to the website or service, receives the responses, and sends them back to you.

VPNs limit the exposure of sensitive data to would-be snoops, but they often slow down traffic, and also reflect an outdated, internal-versus-external idea of securing data.

A few years back Google pioneered a new way of keeping things secure: essentially, trust no one and authenticate everyone. The burden of authentication becomes greater, but this is more than made up for by the simplicity of the security, which puts a wall in front of users and devices instead of resources and services. That means the latter can sit on the ordinary public internet, accessible (to those authorized of course) from anywhere.

Amazon did something similar, and now both their systems are available for administrators to use… if your service is hosted on their cloud platforms. But what if you’ve got a few of one, a few of the other, and a few of a third and fourth kind? You’re probably going to be stuck with a VPN.

It’s this last situation that Cloudflare is aiming at. Access, the new service, will work with identity and authentication companies like Okta, Google Auth, and so on, but provide access control and encryption across multiple platforms, including GCS and AWS.

The company claims it shouldn’t slow traffic down a whit; Cloudflare already has servers all over the place for its DDoS protection and CDN services, and Access will use those — so your requests to corporate don’t have to route through London or Tokyo or wherever.

Essentially Cloudflare is doing the important part of the VPN — inspecting certificates and traffic, establishing a chain of trust for packets — in a less clunky way and one that enables companies to let data live on cloud services instead of internal servers.

You can try it for free for one employee (generous!) but after that it starts costing $3 per head per month, with bulk discounts of course. You can find out more at the Cloudflare Access site.
Featured Image: cifotart/Getty Images Readmore

Continue Reading

Subscribe to our Newsletter