Tag Archives: TV5 Monde

Phishing is the attack vector #1.

18 April 2015

In report ‘Phishing email’ the key to hacking of TV5 Monde‘, published 14 April 2015 on thelocal.fr, we read:

“According to a source close to the investigation cited by Europe 1, the hack started with a “phishing” email that was sent to all journalists at the TV channel at the end of January.

Three journalists responded, allowing the hackers to infiltrate the channel’s system using so-called “Trojan Horse” malware (malicious software).”

You may remember the Anthem cyber-attack some weeks ago. The credentials of five employees were phished and used by the cyber attackers to steal millions of customer data sets. Cyber-attacks start very often with phishing emails. Even if only a few employees responds it always ends up in a catastrophe.

Would risk management have prevented the TV5 Monde attack? Definitely not!

In the TV5 Monde case it is very likely that the Trojan-Horse would have been detected by a proper configured Anti-Malware scanner on the mail-in server. For details please see my post ‘Free email providers are preferred distribution channels for malware’.

@Mr. Oettinger. It’s time to start a truly useful European initiative:

‘Email providers shall run an in-depth scan of every email when it is posted to the mail-in server. If an email contains malicious object it must be rejected!’

It is very likely that the TV5 Monde attack could have been prevented, if a next generation firewall would have been used to run an in-depth scan of the phishing mails.

Have a good weekend!

This morning in my garden.

This morning in my garden.

Would the European NIS Directive have averted the TV5 Monde hack?

16 April 2015

‘Never one to miss a chance to push policy, Oettinger also suggested that the proposed Network and Information Security (NIS) Directive could have averted the hack in the first place.’ This excerpt from Jennifer Baker’s post ‘What would have stopped TV5Monde hack? Yup, MOAR LAWS’, published on 14 April 2015, shows once again the naïvety of top European leaders.

The implementation of an information security risk management will not raise the security level. It just manages the structural weaknesses of a security strategy. That’s much more than most of the companies have in place today, but it’s not enough to fight the current attacks and, to stay secure in future. This is best explained by an example.

One of the required controls for implementation of an Information Security Management System (ISMS) is a security standard or security baseline. The baseline lays down the security configuration of e.g. the servers in a company. It’s very important to define a security baseline because it allows you to find deviations of an individual server from the baseline. Each deviation is a vulnerability that could be exploited by an attacker and should be mitigated as soon as possible.

But a security baseline lays down the structural weaknesses of a security configuration as well. If your baseline was originated on the basis of Windows 2008 R2 Server, and if you use it for Windows 2012 R2 Server without changes, a Windows 2012 Server will show the same structural weaknesses as a Windows 2008 Server.

Thus, the baseline has to be continually improved to at least keep the security level because the threat level develops faster than vendors release new security features.

Would the European NIS Directive have averted the TV5 Monde hack?

The answer is: Definitely Not!

Information Security is more than implementing policies and the obligation to inform the authorities in the case of a cyber-attack.

Take care! And check the complexity of your passwords!

For details about the NIS directive please see the NIS platform.