According to the BBC and CNN, a cyberattack disabled 11 French TV channels and took over TV5Monde's social media sites. The attack is thought to be in retaliation for French support of U.S. efforts in Iraq and Syria as the cyberattackers posted messages stating "The CyberCaliphate continues its cyber-jihad against the enemies of Islamic State."
The attack is being called "unprecedented" in scale because it wasn't just the network's websites that were impacted. The cyberterrorists also disabled the network's internal systems, email and eventually posted messages on the network's Facebook page. This level of coordinated attack suggests a highly motivated, sophisticated group.
I've talked about how the motivations of hackers often dictate the methods that are used to infiltrate an enterprise's systems. In this case, the hackers are clearly trying to take advantage of the wide reach of media outlets to publicize their cause — almost as if it is a perverse PR tactic. By posting their message on a respected news source, the cyberterrorists were able to reach a large audience with their initial attack. The publicity the attack received after the fact only increases the impact of the attack.
We don't yet have details on how the media outlet was breached. Yves Bigot, TV5Monde's director, is quoted as saying, "It's been a very powerful attack, because we have very strong firewalls which had been checked — and that had been checked very recently — and were said to be very safe. So obviously it's a very knowledgeable and powerful cyberattack."
This is just further evidence that securing the network layer is no longer sufficient. TV5Monde's security team implemented strong firewalls to ensure the network was secure. However, cybercriminals and cyberterrorists go after the path of least resistance, and, more often than not, the easiest way to breach an enterprise is through the application layer. Organizations have spent millions of dollars securing the network layer of their infrastructure, and as a result hackers have moved on from the network layer. However, because enterprises haven't fully locked down the application layer, cybercriminals are able to rely on the same old techniques they've been using to exploit application vulnerabilities. Application security is seen as difficult to manage and expensive, causing many enterprises to focus on securing only their mission-critical applications, rather than the entire application portfolio. This leaves thousands of applications insecure, and cybercriminals are all too happy to take advantage of this fact. If enterprises don't shift their thinking around how to reduce risk and secure data, we will see more hacks like this one.
Download our free whitepaper to learn why application security is a business imperative.