Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Netflix Breach: Orange, Black, and Another Hack

May 1, 2017

  • Blog
  • Archive
Netflix Hack How much would your organization pay in ransom to stop the early release of its intellectual property? Can you place a monetary value on a breach of this type? In the case of the weekend Netflix breach notification, they paid nothing. Does the breach of an entirely new season of Orange is the New Black actually hurt Netflix, or does it provide a low cost, unintentional and extreme promotion for one for their most popular shows?

Not another Sony?

Sony experienced similar euphoria with their breach in 2014 and theft of a few movies; but their breach had deep security ramifications, from emails to financials. The negative press and effect on senior executives rippled through the company and industry with unparalleled waves. We would hope media companies would have learned some hard lessons from that breach; but apparently not. To that end, it is important to note that Netflix themselves did not leak the series in a breach like what happened with Sony. The digital copies were stolen from Larson Studios, an audio production company authorized to have copies for automatic dialogue replacement. The hackers (TheDarkOverlord), claims Larson agreed to pay the ransom but in fact did not and now they are trying extort money from Netflix. To make this situation worse, the studio produces work for several major US TV studios. This breach, and subsequent torrent episode releases (the first 10 from the latest unreleased season) may just be the tip of the iceberg for stolen media. And, for those in the business, this fact emphasizes the weaknesses in any supply chain and the ramifications of security flaws along the entire workflow when multiple companies share information with a single vendor that is not properly segregated. As for the breach itself, in a public comment from the hacker, they indicated "You're going to lose a lot more money in all of this than what our modest offer was. We're quite ashamed to breathe the same air as you. We figured a pragmatic business such as yourselves would see and understand the benefits of cooperating with a reasonable and merciful entity like ourselves. And to the others: there's still time to save yourselves. Our offer(s) are still on the table - for now." Clearly, reasonable is out of the question and extortion and ransom are their only goals. The breach confirms findings from the 2017 Verizon Data Breach Report that 73% of all attacks are financially motivated and no business, or vertical, is immune from attackers. As with any breach, a detailed analysis will reveal recommended mitigations and remediation to prevent future incursions. Most of the time these include security basics such as implementing privileged access management and vulnerability management. Sensitive data of any type should always have additional controls, including file integrity mnitoring, least privilege, network segmentation, and auditing. These best practices are low hanging fruit. If organizations can get these basics done right, many of these breaches, and the incidents leading up to them, can be prevented. If you need help figuring out how, contact us today.

Morey J. Haber

Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.