A group known as #GOP (Guardians of Peace) has claimed responsibility for the attack, and the ransom screen they put on the Sony Pictures network has been shown in an image originally posted on Reddit. Several compressed .zip files which allegedly contain internal financial reports have also been posted.
Sony Pictures: Hacking experts speak out
Security experts have claimed that the Sony Pictures attack is far from unique, but interesting all the same. According to Todd Harris, director at Core Security, the attack constituted an intriguing mixture of hacktivism, social engineering, intellectual property theft and classic data breach.
“While the hack itself doesn’t surprise me, the varying tactics used does,” he said. “Not only was the entire network disabled, but the hackers put circa 1980s graphics on everyone’s computers with a semi-threatening warning in broken English.”
Companies need to take action
Davis points out that Sony’s response to the attack was unsophisticated, simply shutting down systems to prevent further problems. “This information highlights that even after being breached multiple times, the firm most likely does not have the ability to rapidly perform incident response to understand what the attack has done, where the attacker is and how to remediate the attack quickly,” he said.
Kevin O’Brien, vice president and founding team member at Conjur, claims that companies should find a new role-based way to segment permissions which could adapt to how people and code interact on today’s networks. Another of his ideas is for organizations to keep access and authentication logs separate from the systems which produce them.
Tim Keanini of Lancope also advises that companies should keep up constant monitoring of their networks. He claims that without the ransom demand it could have been a long time before the attack was detected, and companies need to take greater responsibility for detecting breaches themselves.