
Cox hit by ransomware attack

Things don't have to be connected directly to the Internet to be compromised by Ransomware. There are sooo many vectors into an organization these days; email, direct messaging, exposed systems, un-patched systems, personal devices, removable media.

To the points made above about backups - yes, that's the one method of recovery available right now that doesn't involve paying the bad guys. But it's still expensive.

In order to make SURE you have eradicated the bad guys from your systems, you have to either have familiarity with the exploit used, or you have to rebuild EVERY system from a known good base. It's a harsh reality. Unfortunately, most people pay the bad guys to unlock their systems, then have to do all of the work anyway to make sure they are out anyway.
 
A few years ago, there were cases of people breaching people's baby monitor and home camera systems, seemingly just for fun or out of boredom than anything else. In one particular instance, a parent thought they heard an odd voice coming from their child's room and they went in to find some stranger talking to their kid and encouraging them to break things and trash their room. Connected homes can offer a lot of conveniences, and for those who like "toys" they can

Just FYI, this has nothing to do with hackers or hacking (erroneous references to hackers have been corrected in the quote). I know you don't want to hear it but as long as braindead consumertards keep taking equipment out of the box, plugging it in and operating it with default settings, this will happen. Default passwords/login names are usually not difficult to guess and lists are even "out there" for anybody who wants to spend two minutes in front of their preferred search engine. A lot of these things don't even have passwords or other security turned on by default. They're just out there, wide open for anybody to access or exploit. No knowledge of hacking or any other aspect of computer science involved or necessary.

Nor is it anything even remotely new. W.... um, some people I've heard about, "for educational purposes only", of course (insert disclaimer here) were doing that 20+ years ago when analogue 49 MHz baby monitors and 2.4 GHz surveillance cameras were everywhere. (But, I don't actually know any of those people, so....) The fact is, that can still be done today with a minimum of technical expertise. Analogue 49 MHz monitors are still widely available on the market and aren't going anywhere. How difficult is it to replace a babyphone mic with a line-in socket, attach a nice 1/2 wave high-gain aerial and start blasting Marilyn Manson and 2 Live Crew to Junior's mommy a mile up the road? Anybody with the most rudimentary of soldering skills can do it. It doesn't take a criminal mastermind or electronics expert, or some extra with thousands of dollars of hammy gear and no social life.
 
"The outrage also affects major TV stations in Atlanta, Seattle, Pittsburgh, Orlando and other markets."

The "outrage" is the AJC and CMG remain mum.
 
The "outrage" is the AJC and CMG remain mum.

How much information is too much? Aside from people here and on other message boards, the general public appetite for information on this is probably not that great. Those who need to know probably do know. As a person who has been through a recent cyber attack event, my great complaint was lack of communication within the organization, and in turn messaging to clients about campaign data delays.
 
my great complaint was lack of communication within the organization, and in turn messaging to clients about campaign data delays.

My take is these attacks are the technical equivalent of rape, and after that kind of thing, most victims don't know who to trust for a while.
 
Cox Media Group is now in their fifth day dealing with Ransomware attack.
This will take a fair while. It took us nearly a month to get some of our systems back up and running after a recent attack.
Wow, I guessed the engineering and IT staff for the various stations would be able to work through at least most of the issues in several hours and at least get them back in service with a cobbled together temporary solution within a day or maybe two.

It'll be interesting once this is over and they're recovered if any of the industry magazines like Radio World or the TV equivalent will do a story about this in the same vein where they've done stories in the past about stations that have been destroyed by fire and how they rebuilt or had towers taken down by a weather event. Obviously there will be some important lessons learned from this attack, both what they could've done to be better prepared or if/how this attack could've been avoided, and how they ultimately recovered. At minimum I'm guessing they'll have their staff as invited speakers at an upcoming industry show(s).
 
Wow, I guessed the engineering and IT staff for the various stations would be able to work through at least most of the issues in several hours and at least get them back in service with a cobbled together temporary solution within a day or maybe two.
We were manually putting together logs across our network for about 10 days before devising a stop-gap solution. Our traffic system had to be rebuilt, and took a month.
 
No official statement has come from CMG corporate to staff.

"Cyber intrusion" is as far as anyone will go, off the record.

Usually the vector for ransomware is an email containing an attached file containing the initial malware, or a link to a website with a dialog box that pretends to install useful software. The malware silently opens up other avenues for attack and eventually downloads other malware including the encrypting ransomware itself. The "better" malware can operate invisibly for days or weeks, spreading as far as it can over the network, uploading sensitive files (say, HR info) that could be leaked if the ransom is not paid, destroying connected backups, deactivating anti-malware tools, and encrypting files before announcing its presence. Some of them operate via remote control.

Due to the amount of money involved, the email and malware payload are carefully crafted for each victim to appear as realistic as possible and made to look like it came from a trusted, higher-up executive of the company to get attention and compliance. Often executives are targeted due to a lack of IT expertise and broad IT privileges. Both email targets and the names of executives can be identified and selected from public data sources like LinkedIn. This kind of targeted attack is called "spear-phishing" or "whaling".
 
Nothing has been posted on ransomware extortion sites and there were no claims of responsibility.

Malicious intent is a big canvas. Not your garden-variety hack.
 
I’ve noticed none of the Cox stations are streaming on their websites or via third party apps. I wonder how much money they are continuing to lose overall without digital options available.
 
I’ve noticed none of the Cox stations are streaming on their websites or via third party apps. I wonder how much money they are continuing to lose overall without digital options available.
95.5 WSB’s stream was working via TuneIn yesterday Friday 6/11/2021. I don’t know if this is related but Alan Sanders was supposed to fill in for Erick Erickson yesterday afternoon. Alan was successful in filling in for Erick but it didn’t air on 95.5 WSB. 95.5 WSB aired The Mark Kaye Show instead. I had to listen to Alan on WRGA out of Rome, GA, one of the GNN affiliates. We should know on Monday whether or not Apollo/Cox screwed Erick over by airing Mark Kaye instead of Alan Sanders. Airing Mark Kaye could have been related to the clean up from the ransomware attack. We should know something on Monday. Anyway, that is all.
 