Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    Sony Pictures Reels From Hacker Attack

    Written by

    Sean Michael Kerner
    Published November 25, 2014
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Sony Pictures reportedly has been hit by an attack that has taken over its network and locked out its employees. The group behind the attack calls itself the #GOP (Guardians of Peace) and is allegedly holding Sony Pictures’ data hostage.

      An image originally shared on Reddit shows the ransom screen that the #GOP hackers put on the Sony Pictures network. The attackers have also posted several compressed .zip files that include alleged internal Sony Pictures financial reports.

      Security experts contacted by eWEEK regard the Sony Pictures breach as an interesting event, though it is one that unfortunately is not unique.

      Todd Harris, director at Core Security, said the attack is an interesting blend of hacktivism, social engineering, intellectual property theft and classic data breach.

      “While the hack itself doesn’t surprise me, the varying tactics used does,” Harris said. “Not only was the entire network disabled, but the hackers put circa 1980s graphics on everyone’s computers with a semi-threatening warning in broken English.”

      Mike Davis, CTO of CounterTack, told eWEEK that what is happening to Sony Pictures is not common but has definitely happened in the past. As examples, Davis noted a hospital network that was held hostage by an attacker as well as a few events in Mexico where attackers held networks hostage until paid.

      Defenses

      While the specific root cause of how the attackers were able to compromise the Sony Pictures network is not yet known, there are a number of best practices that enterprises should consider to limit risk.

      One of the interesting aspects of the Sony Pictures breach, Davis noted, is that Sony’s attempt to remediate the problem simply involved shutting down systems to reduce the risk of further problems.

      “This information highlights that even after being breached multiple times, the firm most likely does not have the ability to rapidly perform incident response to understand what the attack has done, where the attacker is and how to remediate the attack quickly,” Davis said.

      There is no magic bullet for security, according to Kevin O’Brien, vice president and founding team member at Conjur. In general, organizations should stop relying on LDAP-based systems to segment permissions and find a role-based alternative that can adapt to the ways people and code actually interact on modern networks, O’Brien told eWEEK. He also suggests that organizations keep complete and immutable access and authentication logs and keep them away from the systems that generate them.

      The idea of constant monitoring to help limit risk and speed the path to remediation is a theme that Tim (TK) Keanini, CTO at Lancope, also advocates.

      “Companies have invested in security defenses, and it is time they become more strategic and think about the larger picture of business continuity in the face of advancing threat,” Keanini said. “Specifically ensure that network communications of all types, good and bad, are monitored so that there is nowhere for these adversaries to carry out their operations without being detected.”

      If in the Sony Pictures attack there was not the blackmail attempt, it could have been months or even years before the attackers were detected, he said.

      “Are we saying that adversaries have to be the ones to tell you that your computer systems have been compromised?” Keanini said. “There is a way to turn the entire network into a sensor grid, and companies need to make this investment sooner than later as most have already been compromised and just don’t know it yet.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.