Sony Cancels “The Interview” – A New Breed Of Terrorism?

Sony pulling its latest movie – The Interview – in the wake of Guardian of Peace terrorist threats could, in many ways, be the start of an alarming trend.

Of course it goes without sating that the US rightly remembers September 11 and the awful repercussions of that day that continue to be felt around the world, but this latest development could represent a new breed of terrorism in which the online and real worlds come together.

As Eugune Kaspersky said:

The fact that GOP was able to achieve its aims via web-based threats is concerning and could have very real consequences in the future and could indeed shape it.

As Ian Pratt, co-founder, Bromium says:

“Corporate networks get compromised by hackers every day, but the public rarely get to hear about it. The motives of the attackers are usually to steal intellectual property (product designs or business intelligence) or personal information (credit card numbers or health records). These attacks are performed stealthily, frequently without detection by the corporate security team, at least until much later.

Increasingly, some hacking groups are attempting to extort money from businesses through threats of service outages or destruction of data. Although the business will be clearly be aware of such attacks, they rarely become public knowledge.

The Sony Pictures attack is unusual in that the whole aim of the attackers has been to maximize the publicity from the attack and to scare Sony and other businesses into complying with their wishes. To that end, they seem to have been very successful. The attack has been a sobering reminder of how critical the information on our computer systems is. The attackers are reported to have stolen a terabyte of data — a quantity that would easily fit on just a single hard disk — but the haul has contained pre-release movie files, sensitive business information, health records, salaries and other employee information, and many private email exchanges that have now been laid bare causing much embarrassment. It will take Sony a considerable time and massive expense to recover from the full effects of the attack, even once they have their computer systems up and running again.

The attack has clearly been more sophisticated that the average hacktivist attack, but the current state of software security is such that it would not have been particularly difficult or expensive to execute, and at very little risk to the attackers. It’s not that the security team at Sony Pictures did a bad job, it’s that security teams at all corporations currently face a nigh impossible challenge of keeping hackers out. Antivirus software and other security tools are all too easy to evade by hackers, so these traditional approaches of trying to retrofit security by detecting attacks are failing. We need to demand that software and hardware vendors to a better job of security by design, making systems that are less vulnerable and more resistant to attack. This means reducing the “attack surface” the amount of critical computer code that is exposed to an attacker. Only then will we be able to change the economics and make the cost of such attacks prohibitive, putting the advantage back in the hands of the security teams that defend our networks.”

Kevin Epstein, VP of Advanced Security and Governance at Proofpoint commented that:

“The Sony attack clearly shows how dangerous cybercriminals can be when they successfully compromise an organization’s cybersecurity. The extortion tactics applied to Sony are yet another public example of the new level of threat posed by targeted attacks — for which the crucial business tools of email and social media still lead as delivery vectors. Attacks like this have a direct impact on company revenue, raising security to a boardroom level of visibility.

It’s important to remember that U.S. and global companies are targeted by nation-states and cybercriminal groups every day. We anticipate this class of breaches will only increase in 2015, driven by email and social media hacks. Layered targeted attack protection that goes beyond anti-spam is a necessity in today’s defense against such attackers.”

Are you worried about the state of play here? Web threats are nothing new, and large organisations likely receive them all the time, but Sony is a high-profile example of a company giving in to demands, whatever the real reason may be (don’t forget, a whole heap of private Sony information has already been dumped and there may have been more to come).

Do you think we are likely to see more hackers, hacktivists, terrorists and other ill-doers using the web to initiative their acts of criminality, barbarity and general badassness or is this just a flash in the pan evolution of the old phone hoaxes that had to be taken seriously until proven false?

Philip Lieberman On The Sony Hack: “This Scenario Will Play Out Again And In Even Worse Forms”

It’s been said often, and more so recently, that it’s a question of “when” not “if” a data breach will beset your company. Therefore, it could be argued that “information security is only as effective as the response it generates – A structured response ensures that an incident is recognised early and dealt with in the most […]

Continue

Sony Hack: The ‘Finger We Are Pointing At North Korea Should Be Pointing At Ourselves’

Who hacked Sony? That’s the big question, and one that has been dominating my RSS reader and Twitter lists for some time now, almost to the exclusion of everything else ‘cyber’. The consensus, among mainstream media at least, points to North Korea but that isn’t my view and nor is it held by many in […]

Continue

Consumers Dubious of Mobile Payment Security, Prefer Third Party Services Such As PayPal

Tripwire today announced the results of a consumer survey conducted on holiday shopping security practices by One Poll and Dimensional Research. Evaluating online cybersecurity awareness of 2,011 consumers from the U.S. and U.K., the survey revealed that more than 40 percent of respondents believe using a third party payer such as PayPal or Google Wallet […]

Continue

Stop Using DDoS As A Weapon

Pat Benatar (sorry, no prizes if you worked out which one of her tracks I’m listening to while writing this) might be proud of such a title, but would she be proud of the tactics Sony is reportedly using in its fightback against web pirates? According to Re/Code, “The company is using hundreds of computers in […]

Continue