FuboTV exposed in a primetime hack.
Streaming service FuboTV reported that it was the victim of a cyber attack last Wednesday that knocked out access to the service during the World Cup semi-final between France and Morocco.
How streaming was denied.
The Record reports that around 9:20 a.m. Wednesday, the company reported an investigation into account-related issues, namely logging in and creating accounts. They reported that they were working to resolve the issue throughout the day, although by midnight they acknowledged that some people were still unable to access the service. The Hollywood Reporter says a statement from the company, released Thursday morning after the incident, said “the incident was not related to any bandwidth restrictions on Fubo’s part,” and “FuboTV takes this matter very seriously. Once we discovered the attack, we took immediate action to contain the incident and worked to restore service to all of our users as quickly as possible. Service was fully restored last night. We deeply apologize for the disruption caused by this incident in the meantime.” The statement has since been updated, noting that service disruption is no longer a concern and that the World Cup final went off without a hitch.
Some industry commentary on the FuboTV outage.
Nabil Hannan, CEO of NetSPI, talks about the expectations of a streaming service like FuboTV, and security to defend the service:
“With homes having access to faster internet speeds and the ease of using app-based streaming services, most households have started switching to paid TV subscriptions such as Hulu, YouTube TV, FuboTV, etc. They are convenient and easy to use – especially today when people have multiple devices they use and can access this service on the go. With this trend, people pay for these services with the expectation that the service will work and be available, especially during popular events like the World Cup. Reputation and reliability are the keys to being able to survive in this industry because there are so many other options if the quality of service starts to deteriorate. Knowing this, we see that attackers often use times when the demands on the services are high to try to carry out attacks.
“These services also often pay for bandwidth and processing power (cloud computing in most cases) to serve their customers. If attackers can identify vulnerabilities that can affect the availability of the service, this will have a negative impact on the end users of the service. Attacks such as DDoS attacks are often used to disrupt such services, although in the case of FuboTV, there may not be many details given as to what weakness specifically allowed attackers to breach their systems, just like any other service provider, build security into and add defenses to in-depth techniques when deploying systems are table stakes for companies today to be more resilient to cyber attacks.”
Ben Johnson, CTO and co-founder of Obsidian Security, discusses the incident and the impact this time of year has on threat actor activity:
“While details are still sparse regarding exactly what happened to FuboTV, this incident should serve as a reminder that attacks don’t always have to be about exfiltrating data or deep access to an environment – denial, disruption and degradation can be very effective tactics for cyber attackers to achieve desired results.
“As these attacks tend to increase during holiday periods when teams are even less staffed, organizations need to be especially vigilant against threat actors. It is recommended that teams remind employees to add extra scrutiny to unexpected emails and ensure that the right the incident responses and communications are in place to significantly strengthen companies’ chances of dealing with holiday cyber threats.”
Karen Worstell, senior cybersecurity strategist at VMware, discusses the temptation of the holiday season for malicious actors:
“Cybercriminals know that major world celebrations, events and holidays are a prime time to launch cyberattacks. When it comes to popular events like the World Cup, many people around the world tune in through streaming apps and services, creating a greater attack vector – especially when vigilance is low and password protection methods such as multi-factor authentication are overlooked. During this season, it is more important than ever for everyone to be extra vigilant.
“Large organizations know the holiday season cyber attack drill well. During weekends or holidays, organizations may be tempted to operate with reduced staff, resulting in longer response times and more potential damage. A best practice is to anticipate the increased level of cybercrime in during the holiday season and create incentives and bonus time off for leadership and detection and response teams so they can remain fully prepared with first-class response capability.”