Insomniac Games breach reveals concerning shift in tactics – expert

A cyber breach at Sony-owned Insomniac Games reveals a concerning shift in tactics by threat actors, according to the head of a risk mitigation company.

“These actions by the hacking group Rhysida against Insomniac show how rapidly conventional ransom attacks are transitioning into straight extortion initiatives,” said Kirsten Bay, CEO of Cysurance. “As organizations demonstrate the ability to more successfully manage ‘conventional’ ransom attacks, threat actors have intensified their focus on reconnaissance and exploitation. This has resulted in higher demands and shorter deadlines for ransom payments as threat actors land, expand and gain control over enterprise resources, while opening exploits against key trading partners.”

Last month, Rhysida posted more than a terabyte of Insomniac’s internal data to its darknet site after the ransom deadline passed, according to a report by cyberdaily.au.

Bay said this evolution in strategy represents an existential threat to all organizations – and to insurance companies that underwrite cyber risk.

Read next: Cyber insurance should go hand in hand with cyber resilience

“It is a wake-up call for players across industry segments to review the implementation of coordinated, integrated and automated security controls, such as identity and access management, endpoint management, and critical data encryption,” she said. “It is the only way organizations can prevent the spread and severity of attacks.”

Cysurance said that the entertainment technology sector – and especially the gaming industry – is an application development-intensive environment.

“I expect organizations that fit this profile – and the insurance companies that write policies to protect them – to explore the role SaaS-based DevSecOps service providers can play in mitigating the impact of such attacks,” Bay said.

Bay said that as analysis of the Insomniac cyber breach continues, cyber underwriters will look for insights into such questions as how long the breach was in place before detection and the effectiveness of controls in mitigating the attack.

Have something to say about this story? Let us know in the comments below.