[BreachExchange] Sundance Hack Acts as a Warning to Small and Mid Sized Businesses

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jan 27 13:58:13 EST 2017


http://www.business2community.com/cybersecurity/sundance-hack-acts-warning-small-mid-sized-businesses-01765418

This past Saturday, January 21st, the 2017 Sundance Film Festival was
underway with its first weekend of screenings when it was interrupted by a
cyberattack that disabled its online box office as well as internet access
throughout Park City, Utah. The attack is reportedly being investigated by
the FBI as a distributed denial of service (DDoS) attack, and Sundance
representatives gave assurances that no artist or customer information was
compromised. In addition to the online box office, many local businesses
were hampered as they were forced to accept cash only, and most ATMs were
also knocked out by the attack.

While it remains unclear who carried out the cyberattack and what their
motivations were, the hack on the film festival evidences the breadth of
organizations that are susceptible to and targeted by hacks. Typically when
we read these headlines, the attack has been carried out against a large
corporation that houses massive amounts of user data or credentials that
can be sold on the dark web, or offer some other bounty – monetary or
otherwise. Examples of attack headlines in the past few years put Yahoo,
Adobe, and Target in the middle of attacks targeting sensitive user and
employee information. These reports would lead people to believe that
hackers are only interested in similarly sized organizations whose data
offers more value — luring business owners and consumers into a false sense
of security when it comes to cybersecurity.

Small to midsize businesses can easily fall victim to this mindset,
assuming that no hacker would pay attention to their site when carrying out
an account takeover attack or exploiting a code vulnerability, as there are
many larger, seemingly more lucrative targets. However, the attack on the
Sundance Film Festival, a nonprofit outlet for independent films
unaffiliated with any major studios, would contradict this idea. Based on
reports, the attackers gained little from this exploit, but it demonstrates
clear security defects that could be disastrous for a similarly sized
organization.

Moreover, it is not only direct attacks on a site and its applications that
need to be accounted for. If user credentials are stolen in the data
breach of a different site, hackers can use bots to see if that same
username and password can gain access to other sites, indirectly giving
them access to your site if an employee or customer used the same
information.

The attack on the Sundance Film Festival serves as a reminder that all
organizations, no matter the size, can be the subjects of a hack and should
implement cybersecurity measures to minimize the impact of such attacks as
much as possible.