Joker beats 1917 to win the Most Dangerous Film award

The 92nd Academy Awards will take place on February 9. We know who and what was nominated for an Oscar, but the winners remain a closely guarded secret. Apart from one. As for the Most Dangerous Movie award, that winner has already been revealed. Narrowly beating other nominees, including 1917 and The Irishman, the winner is: Joker.

And the loser is…

You might not think there’s much danger when it comes to the annual Oscar show, but you’d be wrong. Forget about politics, online arguments and trolling; the danger is perhaps surprisingly there in terms of cybercrime. I say maybe because, for those working in the cybersecurity industry, nothing could be more predictable than the trending media story of the moment being hijacked by criminals to spread malware. In such cases, the loser is the one whose guard drops for a moment.

More recently, it was the Super Bowl LIV final that caught the eye of hackers who compromised the social media accounts of the ultimate winners, the Kansas City Chiefs, their opponents the San Francisco 49ers and the NFL. -same.

In Hollywood entertainment, rather than sports, we’ve seen how googling for Star Wars: The Rise of Skywalker can be a costly mistake. In the case of this Star Wars movie, more than 30 fraudulent websites and social media profiles were posing as official movie accounts to scam visitors or distribute malware.

Kaspersky researchers, responsible for uncovering the Star Wars statistics, have re-examined the cybercrime interest around Hollywood. This time it applies to movies that were nominated for the Best Picture Oscar at the 92nd Academy Awards this weekend.

And the winner is…

According to these Kaspersky researchers, a total of 925 malicious files were detected among the threats aimed at attracting moviegoers and Oscar fans. These files have been specially created to please anyone interested in the Oscars by promising, for example, to provide free access to the films on this list of best pictures. The best of the lot, and therefore the winner of the Most Dangerous Movie award, was Joker. Something of a favorite in the cybercriminal world, the Joker franchise had previously been used as the name for both an infamous black market selling stolen data and malware that infected half a million Android smartphones in 2019. .

Kaspersky has now revealed that Joker was the name associated with a total of 304 of those 925 discovered malicious files. 1917 was behind second place with 215 malicious files, and The Irishman came in third in this dishonorable awards category with 179. Interestingly, the first South Korean film to earn a Best Picture nomination, Parasite, had no no malicious activity. associated with it at the time of the search. Knowing these threat actors’ propensity to embark on a trend, it wouldn’t surprise me if that changed before the awards show itself, and certainly soon after if Parasite were to confuse the pundits and win.

The bigger picture

In total, Kaspersky uncovered more than 20 phishing websites and Twitter accounts attacking visitors with the allure of the 92 Oscar nominees. This lure, as one might expect, being the offer of a chance to stream the film concerned for free. The methods used to harvest data while clearing the way for that free movie ticket were equally predictable: bogus surveys, adware, and the need to take credit card details as proof of age among them. Even if the star-dazzled bargain hunter were to grant one or all of these requests, that free movie would never be available at the end of the process.

Kaspersky also delved into the relationship between the availability of movies and the appearance of illegal copies and the malicious activity associated with them. After the general theatrical release, he said, some films showed no such malicious activity online. However, as soon as the movie started streaming on Netflix, things changed. That wasn’t true in all cases, but whenever a movie became a hot trend, you could be sure cybercriminals were there, front and center. “Cybercriminals aren’t exactly tied to movie premiere dates because they don’t really distribute content except for malicious data,” Kaspersky malware analyst Anton Ivanov said, “however, as they always tackle something when it becomes a trend, it depends on user demand and actual file availability.”

The Cybersecurity Professional, Part-Time Movie Critic, Opinion

“Since working in cybersecurity and spending my free time re-watching pre-release movies, I think I have a somewhat unique view of this world,” said Tyler Reguly, head of research and of safety development at Tripwire, “When I get a new movie from a studio, I’m always amazed at how many people want me to share a copy with them.” Given that “I want it for free” attitude, Reguly struggles to be sympathetic when people are compromised after trying to steal a movie. “We talk about acceptable risk and threat avoidance or mitigation all the time,” Reguly said, “people who pirate content are throwing those concepts out the window.” He’s right, because it’s no secret that piracy sources are also often plagued with malicious content. The lure of getting something for nothing is just too strong for many, it seems. “We always talk about user education,” Reguly continued, “most of the time those of us in the industry laugh and wonder how it could be as bad as it is.” Then, he said, “we see stories like this, where people are so reluctant to spend a few dollars to rent a movie that they’d rather risk their credit history to see the movie for free.”

Mitigation Tips for Moviegoers and Oscar Fans

I talked to Ian ThorntonTrump, CISO at Cyjax, for his advice on mitigating the risks as outlined by this Kaspersky study. “Let’s take a step back and understand what’s really going on here,” says Thornton-Trump, “it’s highly likely that a movie found on a torrent site is stolen content, so it could clearly impact you personally. if you uploaded content to a work item.” Beyond that risk, says Thornton-Trump, “although the content of the media file itself may be intact, sites used to find torrents or stream torrents are going to have all kinds of nasties ranging from popups, Trojans, unwanted programs and if you’re really unlucky with a ransomware payload.” And all this before considering the risk of being legally liable under various copyright infringement and piracy laws depending on where you watch the pirated movie. The mitigation advice should be obvious by now, but just in case, I’ll let Thornton-Trump explain it: “It’s just not worth the risk to your livelihood or your bank account trying to get this material, the consequences could be catastrophic. for your data, and that might be the least of your worries.”

Kaspersky provided the following bulleted list of recommended security steps this awards weekend and beyond:

1. Pay attention to official movie release dates

2. Don’t click on suspicious links, like those that promise a first view of a new movie

3. If you are going to download a video file from a source that you consider reliable and legitimate; the file must have a .avi, .mkv or .mp4 extension among other video formats, definitely not .exe

4. Don’t visit websites that let you watch a movie until you’re sure they’re legit

5. Confirm the website is genuine by double-checking the format of the URL or the spelling of the business name