Security researcher Jerome Segura from Malwarebytes thinks that several people probably received an infected document that contained the exploit. That would mean that at least one person in each of the relevant departments received an email or went to a Website containing the exploit and ran it. That leads us back to the problem of inadequate training.
Segura said that Malwarebytes and other security companies have already obtained the malware and are studying it to see how it works and where it came from. He said that one thing that makes the malware unique is that it was designed specifically to cause operational damage to Sony Pictures and that there was nothing in it that was designed to steal financial information, which is the usual motive for malware.
"This one is just pure damage," Segura said. "It's very targeted to Sony Pictures. We haven't seen this type of infection for a long time." He said that nearly all malware today is intended to be used for financial gain and that malware writers avoid causing damage so that they can collect data for a longer time.
Perhaps more unsettling, Segura said that he and his colleagues are already seeing other, closely related malware in the wild, which means that either the original authors of this malware are expanding their horizons or that other malware distributors are modifying this malware for new purposes and are releasing it again.
Segura also noticed one other characteristic of the Sony Pictures breach that's giving him pause. How is it, he wonders that several terabytes of data could have been exfiltrated from Sony's network without anyone in the company noticing? So far there's no indication that the malware had any capability that would explain this.
Of course there's also another option. Perhaps the attack on Sony Pictures, the theft of personal data and the theft of the movies were independent operations. Could it be that the attack exposed the Sony Pictures network to the world, at which time other hackers came down to feast on the remains, much like vultures feast on the dead and disabled victims of other predators?
After all, like every large organization, Sony Pictures must have been under constant attack by hackers who could never get past the firewalls and when the attack happened, those barriers were gone. If that's the case, then the FBI doesn't need to look for one massive super-hacker, but rather to a single hacker that targeted Sony, followed by a collection of other hackers who simply got lucky.
If that's the case, then it speaks more strongly than ever to the reasons why your network needs to be highly compartmentalized. It's the only way to keep lucky intruders out.