What you need to know:

• Nine overnight said it had contained a "sophisticated and complex" cyber attack.
• Its corporate network, however, had been disconnected from the internet and all internal networks such as broadcast, publishing and individual state operations had been unplugged from each other.
• Nine CEO Mike Sneesby highlighted the importance to staff of a note from Nine CTO Damian Cronin to "read and follow instructions...regarding diagnostics and remote working".
• Blackberry CMO Mark Wilson said Covid-induced remote working had spawned a booming “hacking as a service” industry in the past year.
• Corporate espionage was growing across industries beyond “the usual suspects” including gaming and healthcare, he said.
• Nine's attack follows a similar raid on the TV industry ratings service, OzTam, in July last year.     

Hacked off

Nine CEO Mike Sneesby asked staff in an update late yesterday to “read and follow instructions” at the end of an accompanying note from his CTO Damian Cronan “regarding diagnostics and remote working”, as a number of Nine’s core systems remained offline.

Cronin made it clear Nine had contained the “sophisticated and complex” cyber raid “and we are confident our technology teams have isolated the attacker and the specific destructive activity”. But Nine’s countermeasures meant its corporate network had been disconnected from the internet and all Nine’s internal networks such as broadcast, publishing and individual state operations had been disconnected from each other.

After an earlier hack which brought down the TV industry’s ratings service, OzTAM, in July last year, it was precisely Nine’s scenario that Blackberry’s CMO Mark Wilson warned of three weeks ago in Mi3. 

Covid-induced remote working had spawned a booming “hacking as a service” industry for old hands and was behind a surge in hacker aspirants through 2020.

Hacking as a service

Although it remains speculation whether other nation states, opportunist hackers or corporate espionage was behind Nine’s attack, Wilson said companies engaging “hack-for-hire” to disrupt rivals and gather IP is becoming “more pervasive”. 

“We’ve seen a huge rise in 'hack for hire' companies; for profit companies that people engage to hack other companies,” said Wilson. “So the hackers did not take a break. There was no Covid fatigue for them. They went out hard for different audiences.

“You can now be in hacking as a service – and you don't even need to be an expert in hacking. If you want to get into the business of extorting other people and ransomwaring other people, there's a website for that. You can create your own company and you can then basically outsource the whole hacking-as-a-service business. It’s crazy, but anybody can get into this business.”

Wilson said corporate espionage was growing across industries beyond “the usual suspects” including gaming and healthcare.

“One classic is healthcare,” he said. “They'll go after healthcare because healthcare is not these monolithic, large multinational companies. It can be more local organisations. They may not have the same security infrastructure that a Citibank has or Goldman Sachs has. So they can go after them… 

“You may not think gaming would be a target, but it's an industry where there are technology and trade secrets – and people want them. It’s becoming more pervasive, and now more industries are being targeted than the usual suspects.”