Channel Nine has suffered the largest cyber attack on a media company in Australia’s history, according to reports from IT News, the AFR and Nine News.
The cyber attack, reported by Channel Nine as a variation of a ransomware attack, struck early Sunday morning, resulting in television and digital production systems being offline for more than 24 hours. The attack impaired Channel Nine’s ability to broadcast from its Sydney studios, forcing the media outlet to shift operations to its Melbourne studios.
Channel Nine swiftly responded to the cyber-attack, advising affected parties that its IT teams were working around the clock to fully restore its systems and further describing the attack as a sophisticated and calculated attack that could take weeks to remediate.
Channel Nine has further enlisted the help of the Australian Cyber Security Center, which is taking an increasingly central and important role in this area and offered technical assistance in the investigation and resolution of the attack. It is interesting to note that in the recent updates proposed to the Security of Critical Infrastructure Act 2018 (Cth), the “communications” sector (which includes broadcasting services) would have additional obligations to consider in the event of such incidents.
At this stage, Channel Nine has not reported receiving a ransom demand.
The events demonstrate, as the Australian government pointed out in last year’s Australia’s Cyber Security Strategy 2020, that even large organisations with significant investments in proper data security protections and mechanisms can be out-manoeuvred by cyber attackers. It has been suggested that this attack may have been state sponsored given the level of sophistication.
Channel Nine’s quick response to notify affected individuals and utilise both internal and external resources also represents an important example of how entities respond in the circumstances of a cyber incident.
We will keep you posted on any further updates.