French TV broadcaster TV5Monde has suffered a major cyber-attack on its systems by pro-ISIS hackers which caused a broadcasting blackout for several hours and hijacked its social media pages and website.
The state-founded network suffered disruption to its 11 channels overnight, between around 10pm and 1am local time on Wednesday night.
In a report on its website, the company said it had regained control over its broadcasts and social media pages and that investigators from the National Security Agency of Information Systems (ANSSI) would be on site for the next few days in a bid to work out what happened.
Aside from the broadcasting disruption, hackers took over the firm’s social media properties and posted, among other propaganda messages, what they claimed were identity cards and CVs of French troops fighting ISIS abroad.
Although pro-jihadist hackers have managed to take over social media accounts before – such as Newsweek and even US Central Command’s Twitter pages – this is thought to be the first time they’ve managed to black out TV broadcasts.
Although details are still emerging about the attack, it has most likely been carefully planned for months, according to Bharat Mistry, cybersecurity consultant at Trend Micro.
In a classic targeted attack MO, the attackers probably gained access to the network via a spear phishing email, and moved around inside the network until they found the key broadcasting servers.
A simple phishing attack is also likely to have gleaned the credentials needed to take over the station’s social media accounts, he said.
“This attack comes as a wake-up call for any business to the dangers that cyber threat actors pose. Businesses must educate their users to distinguish between legitimate and potentially malicious content – emails, URLs etc. Members of staff should also never open e-mail attachments unless they are expecting them,” argued Mistry.
“Moreover, businesses need to keep their list of blocked malware-related websites, and their list of safe sites, up to date. Companies must ensure that users update their password with a suitable strength option and avoid visiting untrusted sites which could re-direct them to malware. Privileges and access to sensitive computers and data must be managed and software patches, AV files and engines must be kept up to date. If this simple safety housekeeping isn’t performed – a company could end up in a position similar to TV5.”
Andy Harris, engineering director at secure authentication firm Osirium, suggested the attack was a result of hackers gaining access to privileged accounts over a period of time “and then using them all at once in a combined attack.”
“The interesting element is that access to the broadcast feeds had been compromised and one would have expected these to be very well protected,” he told Infosecurity.
“However it’s our experience that many of the 'creative' industries don't have an interest or focus on security and its not uncommon to find passwords that haven't been changed in years.”