Sony Pictures Breach: What Can We Learn?


A group known as #GOP (Guardians of Peace) has claimed responsibility for the attack, and the ransom screen they put on the Sony Pictures network has been shown in an image originally posted on Reddit. Several compressed .zip files which allegedly contain internal financial reports have also been posted.

Sony Pictures hacked

Sony Pictures: Hacking experts speak out

Security experts have claimed that the Sony Pictures attack is far from unique, but interesting all the same. According to Todd Harris, director at Core Security, the attack constituted an intriguing mixture of hacktivism, social engineering, intellectual property theft and classic data breach.

“While the hack itself doesn’t surprise me, the varying tactics used do,” he said. “Not only was the entire network disabled, but the hackers put circa 1980s graphics on everyone’s computers with a semi-threatening warning in broken English.”

Mike Davis, CTO of CounterTack, told eWEEK that being held to ransom is rare but has happened before, including a few cases in Mexico where networks were held hostage until hackers were paid off.

Companies need to take action

Davis points out that Sony’s response to the attack was unsophisticated: the company simply shut down systems to prevent further problems. “This information highlights that even after being breached multiple times, the firm most likely does not have the ability to rapidly perform incident response to understand what the attack has done, where the attacker is and how to remediate the attack quickly,” he said.

Kevin O’Brien, vice president and founding team member at Conjur, claims that companies should find a new, role-based way to segment permissions, one that can adapt to how people and code interact on today’s networks. He also suggests that organizations keep access and authentication logs separate from the systems that produce them.

Tim Keanini of Lancope also advises that companies should keep up constant monitoring of their networks. He claims that without the ransom demand it could have been a long time before the attack was detected, and companies need to take greater responsibility for detecting breaches themselves.
