The FBI announced today that it has enough evidence to conclude that North Korea was behind the devastating cyberattack on Sony Pictures' computer systems last month that exposed and destroyed millions of corporate files.
Although the attack originated from outside North Korea, routed by the hackers from command-and-control servers worldwide, the FBI and cybersecurity analysts, including Kaspersky Lab analyst Kurt Baumgartner, say that one of the servers was also used in North Korea's attacks on South Korea two years ago. The attack on Sony Pictures was in apparent retaliation for the studio's upcoming film The Interview, a movie that depicts an assassination plot against North Korean leader Kim Jong Un.
The FBI's announcement comes shortly after Sony canceled the Dec. 25 release of The Interview, a decision made after "Guardians of the Peace" hackers, invoking the Sept. 11 terrorist attacks, threatened to harm American citizens who go to see the movie.
It's not exactly clear how U.S. intelligence officials were able to attribute the hack to North Korea's government, particularly because its computer network has been challenging to penetrate in the past. But according to The New York Times, a major effort by the National Security Agency's elite cyberteam to penetrate North Korean systems and monitor its malware has been in the works for four years now.
While mum on details, the FBI has alerted the public to the unprecedented and frightening nature of this cyberattack. "Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart," the FBI stated. "North Korea’s attack on [Sony Pictures] reaffirms that cyber threats pose one of the gravest national security dangers to the United States."
Time will tell how the involvement of a state government in a cyberattack on a private corporation will affect companies and their security policies. But it seems the goalposts for cyberattacks have shifted. “It used to be that only countries fought wars and companies provided aid and/or suffered collateral damage. Now that warfare is moving into the digital arena,” Forrester analyst James McQuivey wrote in a blog post yesterday. He speculates that companies must brace themselves for being drawn into political cyberwar.
Protecting against the insider threat
Security experts disagree as to whether the hackers were aided by Sony insiders with knowledge of the company's network. One clue that points to that possibility is that Sony server names and administrators' credentials were embedded within the malware that infected Sony's computers.
"They already had access to Sony's network before the attack," Jaime Blasco, researcher at AlienVault, a cybersecurity consulting firm, told The New York Times.
The insider threat is neither new nor uncommon. According to Verizon's 2014 Data Breach Investigations Report, "insider misuse" accounts for 19% of security incidents, tied for second place with crimeware. Not only do insider threats account for nearly one-fifth of all security incidents across all industries, but the perpetrators come from every level of an organization, all the way up to the C-suite, according to the report. "Wherever a business trusts people, you'll find this risk," the authors state.
So what are Verizon's suggestions for preventing insider and privilege misuse? First and foremost, the report stresses that you must know where your data is located and who can access it. Once you've determined which employees can access sensitive data, put into effect a process for revoking their access when they transfer departments or leave the company.
Verizon also advises that IT set up controls that monitor data transfer in and out of the organization. Anonymized audit results should be broadcast companywide to show that security policies are being enforced, which could deter further misuse.
Emailing passwords and other bad habits
Even if the hackers didn't receive inside help, however, coverage of the attack reveals that the company and its staff didn't really follow industry-standard best practices, such as securing their passwords and other sensitive information. For example, according to the Associated Press, Sony Pictures CEO Michael Lynton had assistants email him the actual passwords of his email, banking and other personal accounts -- just another of the many embarrassing C-level behaviors leaked by the hackers.
Another telling revelation from the leaks? Sony knew its security was crappy. Apparently, David C. Hendler, Sony Pictures CFO, expressed his unhappiness about how ineffective the company's security policies and IT practices were in various emails to Lynton. Never mind the exploding head of Kim Jong Un in a movie that may never see the light of day -- heads, you can be sure, are rolling at Sony.
CIO news roundup for week of Dec. 15
And here is more news from the past week:
- According to excerpts from Nicholas Carlson's upcoming book Marissa Mayer and the Fight to Save Yahoo! (published in this week's New York Times Magazine under the rather catty title, "What Happened When Marissa Mayer Tried to be Steve Jobs"), the Yahoo CEO's efforts to restore the company to its former tech glory days have been unsuccessful. Carlson detailed how many shareholders would rather Mayer liquidate the company's remaining stake in Alibaba and return the resulting proceeds to them -- and in the process make Yahoo an attractively cheap acquisition. Calling AOL, again?
- Another juicy tidbit from the book making the rounds online: Mayer apparently balked at hiring actress and lifestyle guru Gwyneth Paltrow as food editor -- because Paltrow didn't graduate college. (That's not very Jobs-like, is it?)
- Apple Pay might soon have a worthy rival: Samsung is in talks with payments startup LoopPay to roll out a wireless mobile payment service in early 2015. Meanwhile, more banks and retailers are signing on to use Apple Pay.
- A Sony clip-on wearable is in the works that might give Google Glass a run for its money. Unlike Google's glasses, Sony's module attaches to regular eyeglasses and other eyewear, transforming the ordinary specs into wearable technology.
- On Tuesday, Google published its annual A Year in Search, a video that lists the top queries global Internet users have typed into Google's search engine in the past year. Not surprisingly, Robin Williams topped the list, followed by the World Cup, Ebola and Malaysia Airlines Flight 370. Ferguson and Ukraine were popular search terms unique to Americans.