Cyber security risks of Game of Thrones


In our new column, Steve McGowan, our Security, Risk and Compliance Director, takes you through some of the security risks faced when illegally streaming Game of Thrones and how criminals take advantage of its high demand.

Yesterday was the day all of us nerds have been waiting for: it's Game of Thrones day! But in all the excitement we see concerns around Cyber Security. What are the risks of big TV events to your business? Also, if you're looking to avoid spoilers, I've got a tip for you.

You may have some bleary-eyed staff members in the office today. They probably haven't had a big Sunday night but have instead been watching Game of Thrones. Some of our team stayed up to watch the season premiere at 2 am or, in the case of one, got up at 6 am and watched it twice.

But with big TV events, there is a risk to your business, and it comes from where your staff are catching up on the latest shows or events.

(I'm not going to talk about the legal aspect of streaming from dodgy sites, but that should also be a consideration. If you'd like more info on it, check out FACT UK.)

We monitor our customers' networks and endpoints, and we can tell if there has been a major sporting event on a weekend. If Conor McGregor or Anthony Joshua fights, our alerts system flags multiple infections at that time. Funnily enough, when we contact the user they have no idea how their laptop got infected at 3 am on a Sunday morning!
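As an added illustration (example code, not the alerting system described above), this Python groups endpoint infection alerts into time windows and reports out-of-hours windows in which several different machines were infected. The alert format, the 08:00 to 18:00 office hours, the two-hour window and the three-host threshold are all assumptions, and the sample alerts are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample endpoint alerts: (ISO timestamp, hostname, detection name).
SAMPLE_ALERTS = [
    ("2019-04-14T02:58:10", "LAPTOP-014", "Trojan.Generic"),
    ("2019-04-14T03:05:42", "LAPTOP-022", "PUA.Miner"),
    ("2019-04-14T03:17:03", "LAPTOP-031", "Trojan.Generic"),
    ("2019-04-14T03:40:55", "LAPTOP-022", "PUA.Miner"),      # repeat alert, same host
    ("2019-04-15T10:12:00", "DESKTOP-003", "Adware.Bundle"),  # Monday, office hours
    ("2019-04-16T22:30:00", "LAPTOP-007", "Trojan.Generic"),  # lone evening alert
]


def is_out_of_hours(ts, start=8, end=18):
    """True at weekends and on weekdays outside start..end (assumed office hours)."""
    return ts.weekday() >= 5 or not (start <= ts.hour < end)


def out_of_hours_clusters(alerts, window_hours=2, min_hosts=3):
    """Return [(window_start, hosts)] for out-of-hours windows with >= min_hosts distinct hosts.

    Windows are fixed buckets aligned to midnight, so a burst that straddles a
    bucket boundary is split; a sliding window would catch that case.
    """
    buckets = defaultdict(set)
    for stamp, host, _detection in alerts:
        ts = datetime.fromisoformat(stamp)
        if not is_out_of_hours(ts):
            continue
        window = ts.replace(hour=ts.hour - ts.hour % window_hours, minute=0, second=0)
        buckets[window].add(host)  # a set, so repeat alerts from one host count once
    return [(w, sorted(h)) for w, h in sorted(buckets.items()) if len(h) >= min_hosts]


if __name__ == "__main__":
    for window, hosts in out_of_hours_clusters(SAMPLE_ALERTS):
        print(f"{window:%a %d %b %H:%M}: {len(hosts)} hosts infected out of hours: {', '.join(hosts)}")
```

Counting distinct hosts rather than raw alerts keeps one noisy laptop from looking like an outbreak.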

The same thing happens for major TV shows, and there is none bigger than Game of Thrones. Today, episode 1 of the final series will probably be downloaded or streamed illegally more than it's watched through genuine sources.

So, what’s the risk?

There are 3 ways that someone will watch the show online: legitimately through Sky Go / Now TV, illegally by downloading it from a torrent or similar, or, most likely, by streaming it through a site.

If you download an episode from a torrent, you have no idea what else you're downloading, or whether it will even be the file you expected. Cybercriminals are just like any other business: they will hijack a large event to get easy distribution of their malware.

Your download may contain ransomware which will install on the machine you download it on.

I’m sure you’ve heard of ransomware but if not, it’s when malware is installed on your computer which locks all the files both on your computer and any network shares it has access to, encrypting them, and only allowing you access to them if you pay the cybercriminal that created it a ransom.

It may also install banking Trojans that will hijack your bank account or crypto mining malware that will use your computer's resources to create cryptocurrencies for the criminal.

The other way that people may watch it is through a variety of streaming sites. These sites are a minefield. They have lots of pop-ups for who knows what and, though they will show you the show, they try to trick you into installing malware that will give you the same problems as described above. They may also be infected with what we call drive-by malware, so you won't even know that you have been infected until it's too late.

2018 research by ICM found that:

  • 1 in 4 people who stream illegally have been affected by viruses and malware
  • 1 in 10 people who stream illegally have been a victim of fraud
  • 1 in 20 people who stream illegally have had their personal details stolen

OK, so what can we do?

When we look at risks to a business, we look at a few mitigations, usually technical or organisational.

I always like to start with organisational because it's better to prevent the risk occurring than to control it if it does occur.

Make your staff aware of the risks when it comes to watching pirate material on corporate (or for that matter any) devices.

Once they are aware of the risks, have an acceptable use policy that states company devices and connections are not to be used for illegal material. If you need an example, drop us a message and we'll be happy to provide a template.

Ensure that all staff are aware of this policy within your company handbook and that, if it isn't followed, it may result in disciplinary action.

Secondly, we look at technical controls because people make mistakes or just don’t follow rules.

Technical controls should include a firewall on your internet connection that has traffic filtering by category, so when a user attempts to reach a streaming site they are blocked with a nice message that informs them they shouldn't be using this on a work connection. You must keep an active subscription to ensure these site databases are kept up to date. Your IT provider should be offering a managed firewall / unified threat management solution to solve this for you.

But what about remote workers who use home connections away from the office firewall? Well, we have another layer of defence in DNS protection. DNS protection acts as a content filter when a user attempts to access a site which is deemed unsafe, the same way as the firewall does. We install this across all our user base, so no matter where they are they have this layer of protection.

Finally, if the user is still able to get to the site and they happen to get infected, you need to have 2 things in place.

Users should not be local admins; this prevents the malware from being able to install.

Should that fail, you need a modern anti-virus solution that will detect the threat, report that it's happening and prevent execution.

Should all that fail, ensure your data is backed up and available in the event of a real disaster.


Those are some tips to protect your users and your business from attack, so you can instead enjoy the attack on the Night King from Daenerys and her dragons.

Thanks for reading. I promised a tip to avoid spoilers: if you don't want to be shown any posts that contain Game of Thrones on Twitter, you can mute keywords and hashtags for 24 hours till you've seen the episode. Twitter calls it advanced muting. Full details can be found here.