[BreachExchange] Cyber Attack on Nine Leads to Severe Disruption

[Destry Winant]

https://www.bandt.com.au/cyber-attack-on-nine-leads-to-severe-disruption/

Over the weekend, Channel Nine experienced a sophisticated cyber
attack on its North Sydney headquarters, significantly disrupting
programming.

The attack was ransomware, although Nine has not yet received a ransom demand.

In a note sent to all staff, Nine said that they had experienced a
cyber attack that was disrupting their live broadcasts.

“As a result, we were unable to get Weekend Today to air this morning,
however, have put several contingencies in place to ensure the NRL and
our 6pm bulletins will proceed.”

According to the note, the attack primarily affected the broadcast and
corporate business units, while the publishing and radio systems
continued to be operational.

All employees – in all markets – have been asked to work from home.

Television, digital production, and website 9news.com.au were all
affected for more than 24 hours.

Nine is currently working with the Australian Cyber Security Centre to
fix the situation, though it could potentially take weeks to
completely restore the network.

Today host Karl Stefanovic joked on Monday’s episode that the show’s
technical issues were “caused by Vladimir [Putin].”

On Monday, Nine is set to air an episode of Under Investigation with
Liz Hayes looking at Putin’s use of poison against political rivals.

The source of the attack is as yet unconfirmed, though according to
the Sydney Morning Herald, sources close to Nine reported that
external security experts said they had not seen an attack like this
before in Australia.

They also said that the ransomware seems to have been “created by a
state-based actor.”

Jacquelin Jayne, Security Awareness Advocate for KnowBe4 said that,
“there is no security control in an organisation that is 100%
effective all the time, as Channel 9 has learned.”

“That ‘silver bullet’ just does not exist, yet it is often an excuse
to focus on recovery rather than prevention. That is a huge mistake
and one that, now ransomware is often being used to exfiltrate and
expose data, could be even more costly.”

She also said that COVID-19 was making ransomware attacks potentially
worse than ever, and called for preventative measures.

Weekend Today present Richard Wilkins shared a picture of the show’s
hosts in front of one of the affected screens on Twitter.

To continue Nine’s programming, producers have been flown from Sydney
to Melbourne as operations are currently taking place from Victoria.