luisrsphoto - Fotolia

Cyber attack takes Channel Nine off-air

The Australian broadcaster was hit by an alleged ransomware attack that disrupted broadcasting operations in its Sydney studio

Australia’s Channel Nine was taken off the air yesterday, by a cyber attack on its IT systems that disrupted live broadcasts out of its Sydney broadcasting facility.

No one claimed responsibility for the alleged ransomware attack, and IT experts were working to bring systems back online.

A live morning programme, the NRL Sunday footy show, was replaced with a Melbourne version that could still go on as Channel Nine’s Melbourne broadcast facility has not been automated.

Channel Nine had fully automated its IT systems in its Sydney facility, which meant nothing could go live without the command from a computer, according to local reports.

The broadcaster said it was investigating if the latest cyber attack was the work of foreign threat actors and had sought assistance from the Australian Signals Directorate and the Australian Cyber Security Centre.

According to Kaspersky, Australia had one of the highest numbers of ransomware attacks last year among countries in the Asia-Pacific region, with seven victims from the media and technology sector.

Read more about cyber security in Australia

Rick McElroy, principal cyber security strategist at VMware’s security business unit, said the cyber attack on Channel Nine highlighted the growing prevalence of ransomware attacks.

“Not only are ransomware attacks getting increasingly sophisticated, the nature of ransomware attacks has also evolved to the point where organisations are experiencing the full brunt, damage and impact firsthand.

“Attackers will continue to take advantage of opportunities, leveraging the most efficient means to profit from an intrusion, often including redundancy planning in more recent intrusions. Ransomware-as-a-service has risen in popularity, providing cyber criminals with the necessary tools to carry out these types of attacks.

“Compounding these risks is the adage of affiliate programs for ransomware groups, providing new and unique ways for malware operators to have others deploy their payloads for a cut of the eventual profits,” he added.

Jacqueline Jayne, security awareness advocate at KnowBe4, a supplier of security awareness and training services, noted that “there is no security control in an organisation that is 100% effective all the time, as Channel Nine has learned”.

“That ‘silver bullet’ just does not exist, yet it is often an excuse to focus on recovery rather than prevention,” she said.

“That is a huge mistake and one that, now ransomware is often being used to exfiltrate and expose data, could be even more costly. A better approach is to stop attacks before they occur.”

Read more on Data breach incident management and recovery