In Hollywood, cybercriminals have found a lucrative niche: While they may not be able to break into a Universal Studios or a Netflix directly, they have learned<br />that the highest-profile targets are supported by a system of soft targets — content collaborators, remixers, postproduction studios and others — that do not have the same resources, security technology or sense of paranoia.<br />In a carefully tailored message, the hackers urged an executive at September Management, a music management business,<br />and another at Cherrytree Music Company, a management and record company, to send them Lady Gaga’s stem files — files used by music engineers and producers for remixing and remastering.<br />Last year, TheDarkOverlord — the hacker believed to be behind the attacks against Netflix<br />and Hollywood studios — menaced a midsize investment bank, a glue company, a cancer charity, health care providers and other charities across the country.<br />Some of Synack’s clients — and increasingly some insurance underwriters — have started asking the company to look into possible vendors.<br />“The problem is that security firms sell their software to the 1 percent of companies<br />that can afford it, but the real damage continues to come from below.”<br />The security weaknesses of vendors are increasingly the weaknesses of their clients, no matter how fortified their own networks.<br />The heist — which has not been reported previously — was a classic example of how hackers exploit the weakest link in the extensive chain of vendors, postproduction studios and collaborators<br />that corporations must trust with their most valuable intellectual property.
