×
  • remind me tomorrow
  • remind me next week
  • never remind me
Subscribe to the ANN Newsletter • Wake up every Sunday to a curated list of ANN's most interesting posts of the week. read more
You are welcome to look at the talkback but please consider that this article is over 2 years old before posting.

Forum - View topic
NEWS: NHK Report: Toei Animation Hack Was Ransomware Attack


Goto page 1, 2  Next

Note: this is the discussion thread for this article

Anime News Network Forum Index -> Site-related -> Talkback
View previous topic :: View next topic  
Author Message
NJ_



Joined: 31 Oct 2009
Posts: 3120
Location: Wallington, NJ
PostPosted: Fri Apr 08, 2022 7:37 am Reply with quote
Ouch!

IIRC, this was the same kind of attack that affected Capcom two years ago which led to a lot of stuff getting leaked.
Back to top
View user's profile Send private message
FrodoGate222



Joined: 21 Jun 2019
Posts: 107
PostPosted: Fri Apr 08, 2022 8:20 am Reply with quote
I wonder if this has affected the development of One Piece Film Red?
Back to top
View user's profile Send private message
DRosencraft



Joined: 27 Apr 2010
Posts: 675
PostPosted: Fri Apr 08, 2022 8:39 am Reply with quote
Yeah, once stuff was getting delayed by weeks it was clear that there were only two real possibilities; someone went in and deleted stuff, or access was being blocked as in a ransomware attack. As is always the case, someone likely got an email they thought was legit, clicked a bad link, and boom goes the dynamite. It's unlikely we will ever know for sure if they managed to root out the ransomware, or just paid off the attackers. Either way, this is likely costing them a bunch and created massive headaches.
Back to top
View user's profile Send private message Visit poster's website
Hoppy800



Joined: 09 Aug 2013
Posts: 3331
PostPosted: Fri Apr 08, 2022 8:59 am Reply with quote
Case closed

Toei should keep offline backups of finished episodes next time, also tell your employees not to click every email they see.
Back to top
View user's profile Send private message
Ruhrpottpatriot



Joined: 26 Aug 2021
Posts: 68
PostPosted: Fri Apr 08, 2022 9:27 am Reply with quote
Of course you need a backup, the 3-2-1 rule always applies, but offline backups, unless they are on tape, are usually a waste of money (spinning rust ages pretty fast if not used). Just get a decent cloud provider like Azure, AWS or whatnot to store your encrypted data and rsync a delta each day and full backup each weekend. Automatically of course with a special account that nobody has access to. With that employees can only read from backup and you loose a week's work at most in the absolute worst case. Encryption keys can the be stored offline and airgapped on tape or on thumb-drives (but since flash is notoriously unreliable just go tape).

This knowledge is pretty much data security 101, but companies still try to save money and then everybody whines when things go down the drain.
Back to top
View user's profile Send private message
ximpalullaorg



Joined: 16 Jan 2007
Posts: 396
PostPosted: Fri Apr 08, 2022 9:55 am Reply with quote
Ruhrpottpatriot wrote:
Of course you need a backup, the 3-2-1 rule always applies, but offline backups, unless they are on tape, are usually a waste of money (spinning rust ages pretty fast if not used). Just get a decent cloud provider like Azure, AWS or whatnot to store your encrypted data and rsync a delta each day and full backup each weekend.


Offline backups are never a waste of money IMO (even with the downside of not using tapes), especially if for any reason the access to cloud providers is cut off (and this can and will happen). Not to mention, misconfigurations in AWS, Azure, etc that end up in data being exposed (or worse) are nothing new.
Without any idea of how Toei's systems are set up and which policy is being used it's difficult to say how it happened (though personally I wouldn't surprised if it was more social engineering than say, a mail) and what can be done to avoid another situation like this.
Back to top
View user's profile Send private message
Ruhrpottpatriot



Joined: 26 Aug 2021
Posts: 68
PostPosted: Fri Apr 08, 2022 10:45 am Reply with quote
Quote:
especially if for any reason the access to cloud providers is cut off (and this can and will happen).

A decent cloud provider will have an SLA with downtimes of 24 or 48h on average at the minimum. Even if if at some point takes longer you still have a local backup. That's what the "2" in 3-2-1 stands for: Three copies for each data, two backups (one remote and one local) and one working copy.

It also doesn't matter if you can't reach your cloud provider during the attack. Your data you pull from remote is going to be encrypted again anyway and after that, that one or two days's not going to matter much, if at all.

Offline storage is more dangerous anyway as there's really no way to make disks read only. Even if you could, you'd have to make them writeable and plug them in to the system to backup your data and that's precisely the problem. No ransomware attacks immediately. It can slumber for days, weeks if not months and then encrypt when you plug in your external drive(s).
And if the attacker is somewhat clever, they don't encrypt immediately and only when the drive is almost full to get the maximum out of it. After all, they don't care for episodes aired already, but those very close to being aired.
For you as IT-Sec you now have the problem, that you don't know when and if you're going to be attacked. You don't know what's the target.
So the only (as in: most secure) solution would be to store only one episode on each disk, which is a huge waste of money, disks and storage space. Anything else has the potential to destroy weeks of work. And that doesn't even factor in the laziness of humans. What if an employee doesn't want to go to storage to check out a new disk an plug in an old one? No security against that.
Cloud storage on the other hand, has automatic syncs for a few folders (which you can easily monitor for weird data) and then can pack disks to the brim at the remote servers. No humans involved that make errors and no storage space wasted.

And then there's the issue of restoring your data. If you plug in your backups too early you risk your offline storage getting encrypted, too. If you pull from cloud, since your user has only read access you don't risk anything.


Quote:
Not to mention, misconfigurations in AWS, Azure, etc that end up in data being exposed (or worse) are nothing new.

Well... yeah. Duh! But the same can be said for any network configuration. So stop using networks and the internet altogether? Probably not.
Back to top
View user's profile Send private message
Nate148



Joined: 24 May 2012
Posts: 521
PostPosted: Fri Apr 08, 2022 2:19 pm Reply with quote
Not shocked.
Back to top
View user's profile Send private message
TheMorry



Joined: 08 May 2014
Posts: 660
PostPosted: Fri Apr 08, 2022 3:49 pm Reply with quote
Despite that i hate hacks and I'm sorry for them i really wished that awfull DB super cgi fugly movie got lost.
Back to top
View user's profile Send private message
Penrhos



Joined: 09 Jun 2021
Posts: 169
PostPosted: Fri Apr 08, 2022 5:15 pm Reply with quote
The company I work for is spending a fortune on immutable backup solutions because of the risk from ransomware.

Just having 321 backup strategy isn't good enough anymore. Some ransomware targets backups first or may wait long enough for all your backups to have been encrypted before triggering the ransom demand. Plus there's always the issue of how much data leaks out undetected while the threat vector is active.

Firewalls. Antivirus, patching, education & uncorruptable backups are the only protection.
Back to top
View user's profile Send private message
TarsTarkas



Joined: 20 Dec 2007
Posts: 5958
Location: Virginia, United States
PostPosted: Fri Apr 08, 2022 6:15 pm Reply with quote
Lot of companies think it is far cheaper to take the risk and pay up if they get attacked, than to pay the cash for the cyber protection and recovery in advance. Or they think it is something they can pay the lowest (cheapest) price for. And not implementing the most basic of cyber awareness training for their employees.
Back to top
View user's profile Send private message
Covnam



Joined: 31 May 2005
Posts: 3850
PostPosted: Fri Apr 08, 2022 9:36 pm Reply with quote
Ah, that makes sense. I guess they didn't have good redundancy measures in place =/
Back to top
View user's profile Send private message
Ruhrpottpatriot



Joined: 26 Aug 2021
Posts: 68
PostPosted: Sat Apr 09, 2022 7:16 am Reply with quote
Penrhos wrote:
Just having 321 backup strategy isn't good enough anymore.

It's good enough if you do it right. Just taking 3-2-1 as the number of backups isn't enough. But also the original rule never said it was. At least one backup must be offsite and those backups be immutable. But -- again -- that's data protection 101.

There's really no need to spend a fortune on that, but you also shouldn't cheap out on.
Back to top
View user's profile Send private message
vgiannell5



Joined: 10 Jan 2012
Posts: 100
PostPosted: Sat Apr 09, 2022 2:42 pm Reply with quote
FrodoGate222 wrote:
I wonder if this has affected the development of One Piece Film Red?

I'm sure is has. They just haven't announced it just yet.
Back to top
View user's profile Send private message
Cutty Mink



Joined: 13 Feb 2022
Posts: 26
PostPosted: Sat Apr 09, 2022 3:59 pm Reply with quote
Ruhrpottpatriot wrote:
Of course you need a backup, the 3-2-1 rule always applies, but offline backups, unless they are on tape, are usually a waste of money (spinning rust ages pretty fast if not used). Just get a decent cloud provider like Azure, AWS or whatnot to store your encrypted data and rsync a delta each day and full backup each weekend. Automatically of course with a special account that nobody has access to. With that employees can only read from backup and you loose a week's work at most in the absolute worst case. Encryption keys can the be stored offline and airgapped on tape or on thumb-drives (but since flash is notoriously unreliable just go tape).

This knowledge is pretty much data security 101, but companies still try to save money and then everybody whines when things go down the drain.


As someone who has been in web hosting and systems administration for a decade, I agree. Not only that, but there are affordable solutions for hourly or multiple time per day backups.

There's absolutely no reason Toei should have lost more than a few hours of work.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Anime News Network Forum Index -> Site-related -> Talkback All times are GMT - 5 Hours
Goto page 1, 2  Next
Page 1 of 2

 


Powered by phpBB © 2001, 2005 phpBB Group