Sony pulling its latest movie – The Interview – in the wake of Guardian of Peace terrorist threats could, in many ways, be the start of an alarming trend.
— NBC News (@NBCNews) December 17, 2014
Of course it goes without sating that the US rightly remembers September 11 and the awful repercussions of that day that continue to be felt around the world, but this latest development could represent a new breed of terrorism in which the online and real worlds come together.
As Eugune Kaspersky said:
The Sony hack is extremely worrying. Hackers using real-world terror threats and achieving their goal is really bad for everyone
— Eugene Kaspersky (@e_kaspersky) December 18, 2014
The fact that GOP was able to achieve its aims via web-based threats is concerning and could have very real consequences in the future and could indeed shape it.
Please note: Our Late Shift screening of Team America: World Police has been canceled by Paramount Pictures. pic.twitter.com/TlPVzIeICW
— Capitol Theatre (@CapitolW65th) December 18, 2014
As Ian Pratt, co-founder, Bromium says:
“Corporate networks get compromised by hackers every day, but the public rarely get to hear about it. The motives of the attackers are usually to steal intellectual property (product designs or business intelligence) or personal information (credit card numbers or health records). These attacks are performed stealthily, frequently without detection by the corporate security team, at least until much later.
Increasingly, some hacking groups are attempting to extort money from businesses through threats of service outages or destruction of data. Although the business will be clearly be aware of such attacks, they rarely become public knowledge.
The Sony Pictures attack is unusual in that the whole aim of the attackers has been to maximize the publicity from the attack and to scare Sony and other businesses into complying with their wishes. To that end, they seem to have been very successful. The attack has been a sobering reminder of how critical the information on our computer systems is. The attackers are reported to have stolen a terabyte of data — a quantity that would easily fit on just a single hard disk — but the haul has contained pre-release movie files, sensitive business information, health records, salaries and other employee information, and many private email exchanges that have now been laid bare causing much embarrassment. It will take Sony a considerable time and massive expense to recover from the full effects of the attack, even once they have their computer systems up and running again.
The attack has clearly been more sophisticated that the average hacktivist attack, but the current state of software security is such that it would not have been particularly difficult or expensive to execute, and at very little risk to the attackers. It’s not that the security team at Sony Pictures did a bad job, it’s that security teams at all corporations currently face a nigh impossible challenge of keeping hackers out. Antivirus software and other security tools are all too easy to evade by hackers, so these traditional approaches of trying to retrofit security by detecting attacks are failing. We need to demand that software and hardware vendors to a better job of security by design, making systems that are less vulnerable and more resistant to attack. This means reducing the “attack surface” the amount of critical computer code that is exposed to an attacker. Only then will we be able to change the economics and make the cost of such attacks prohibitive, putting the advantage back in the hands of the security teams that defend our networks.”
Kevin Epstein, VP of Advanced Security and Governance at Proofpoint commented that:
“The Sony attack clearly shows how dangerous cybercriminals can be when they successfully compromise an organization’s cybersecurity. The extortion tactics applied to Sony are yet another public example of the new level of threat posed by targeted attacks — for which the crucial business tools of email and social media still lead as delivery vectors. Attacks like this have a direct impact on company revenue, raising security to a boardroom level of visibility.
It’s important to remember that U.S. and global companies are targeted by nation-states and cybercriminal groups every day. We anticipate this class of breaches will only increase in 2015, driven by email and social media hacks. Layered targeted attack protection that goes beyond anti-spam is a necessity in today’s defense against such attackers.”
Are you worried about the state of play here? Web threats are nothing new, and large organisations likely receive them all the time, but Sony is a high-profile example of a company giving in to demands, whatever the real reason may be (don’t forget, a whole heap of private Sony information has already been dumped and there may have been more to come).
Do you think we are likely to see more hackers, hacktivists, terrorists and other ill-doers using the web to initiative their acts of criminality, barbarity and general badassness or is this just a flash in the pan evolution of the old phone hoaxes that had to be taken seriously until proven false?