We've seen lots of “classic” breaches over the past year. These are the ones that happen because Security 101 best practices aren't being followed. While CISOs are sweating over zero-days, known vulnerabilities are being exploited. Inconsistent patching and outdated software are leaving organizations exposed.
In many ways, this week’s Sony Pictures breach was a deviation from that norm, and it’s worth taking a look at this interesting blend of hacktivism, social engineering, intellectual property theft, and ransom. I’m sure it’s about more than Sony not giving up Spider-Man rights to Marvel.
Not only was the entire network disabled, but the attackers put 1980s-esque graphics and a semi-threatening message in broken English on everyone's computers. They apparently stole source code and “private keys to access servers” (which could be SSH keys or private keys of digital certificates). Aside from being embarrassing, the theft of these technical materials could have long-term effects – and lead to more hacks.
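One concrete way to limit the long-term damage from stolen SSH keys is to find every host that still trusts them. The script below is an added example, not code from the original post or from Sony: it parses `authorized_keys` entries (including the optional leading options field), computes OpenSSH-style SHA256 fingerprints, and reports entries whose fingerprint is on a revocation list so the key can be removed and rotated. The key material, host names, and revocation list are constructed placeholders.

```python
"""Audit authorized_keys entries against fingerprints of keys believed stolen.

Added example (not from the original post). Assumes a defender has gathered
authorized_keys files from hosts and holds a list of fingerprints for keys
that are presumed compromised. All key material below is constructed.
"""
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_blob(raw_pubkey: bytes) -> str:
    """Build the base64 public-key blob exactly as it appears in authorized_keys.
    raw_pubkey is a 32-byte value; the callers below pass placeholder bytes."""
    assert len(raw_pubkey) == 32
    wire = ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)
    return base64.b64encode(wire).decode("ascii")


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(decoded blob)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ssh-dss",
             "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def parse_authorized_keys_line(line: str):
    """Return (options, keytype, blob, comment), or None for blank/comment lines.
    The optional options field may contain quoted spaces (command="..."), so the
    line is tokenized with quote awareness rather than a plain split()."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens, cur, in_quote = [], [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
            cur.append(ch)
        elif ch.isspace() and not in_quote:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    if tokens[0] in KEY_TYPES:
        options, rest = "", tokens
    else:
        options, rest = tokens[0], tokens[1:]
    if len(rest) < 2 or rest[0] not in KEY_TYPES:
        raise ValueError(f"unrecognized authorized_keys entry: {line!r}")
    keytype, blob = rest[0], rest[1]
    comment = " ".join(rest[2:])
    return options, keytype, blob, comment


def audit(authorized_keys_text: str, revoked_fingerprints: set):
    """Return [(line_no, fingerprint, comment)] for entries whose key is revoked."""
    hits = []
    for n, line in enumerate(authorized_keys_text.splitlines(), 1):
        parsed = parse_authorized_keys_line(line)
        if parsed is None:
            continue
        _, _, blob, comment = parsed
        fp = fingerprint(blob)
        if fp in revoked_fingerprints:
            hits.append((n, fp, comment))
    return hits


# Constructed sample data: two placeholder keys and one authorized_keys file.
DEPLOY_KEY = make_ed25519_blob(b"\x01" * 32)
BACKUP_KEY = make_ed25519_blob(b"\x02" * 32)
SAMPLE_AUTHORIZED_KEYS = f"""\
# keys on build01 (constructed sample)
ssh-ed25519 {DEPLOY_KEY} deploy@build01
command="/usr/bin/rsync --server -a . /backup",no-pty ssh-ed25519 {BACKUP_KEY} backup@nas
"""
# Fingerprints of keys believed stolen (constructed: only the deploy key).
REVOKED = {fingerprint(DEPLOY_KEY)}

if __name__ == "__main__":
    for line_no, fp, comment in audit(SAMPLE_AUTHORIZED_KEYS, REVOKED):
        print(f"line {line_no}: revoked key {fp} ({comment}) is still trusted; rotate it")
```

Run against files collected from many hosts, the same check turns "we think a key was stolen" into a list of the specific accounts where that key still grants access, which is the containment step the paragraph above is asking for.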
According to an article on The Next Web, a source within Sony has anonymously confirmed “a single server was compromised and the attack was spread from there.”
Big companies have large amounts of attack surface. Sony has partners, media channels and gaming networks. Creating a traditional layered defense for the full attack surface is challenging. A "hard on the outside, chewy on the inside" approach doesn’t work here.
Instead, Sony and others in their position must understand the potential effects of an inevitable breach. Where are the pivotable weaknesses once a hack has occurred? This approach allows companies to identify and address the most important vulnerabilities and contain attackers (or at least make it more difficult for attackers to propagate an attack).
This was another tough break for Sony. Of course, it’s bad news that this breach has arrived days before the holiday buying spree. It will also remind customers of the August 2014 incident when a DDoS attack disrupted their gaming network, and the massive 2011 breach when 77 million user accounts were exposed.
If you're looking for some clear, straightforward steps for improving your security posture – or you’re simply wondering how your program stacks up against others – check out our Threat & Vulnerability Management Maturity Model.