Threat Lessons from Sony and Anthem

Uploaded on 2015-03-30 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

The cyberattack on Sony Pictures entertainment left plenty of roiled waters in its aftermath: lawsuits from employees whose personal information was leaked; apologies to President Obama and other subjects of hasty emails; US sanctions against North Korea and a war of words back and forth; and the irony of Sony turning to the entity most identified in those emails as a threat to its content distribution model, Google, to distribute “The Interview.”

The Anthem hack exposed a record number of customers. Such a large-scale attack on health records rather than payments, as in the comparable Target attack, raises questions as to just what information the hackers were seeking.

Now come reports of ISIS attacks on US websites. The hacker reportedly placed the black ISIS flag on the websites of several American businesses including a zoo in California and cocktail bar in Massachusetts, seemingly trolling the Internet for vulnerable, albeit lower-profile, targets. Even today it’s not possible to assess the full extent of the damage. But there is widespread agreement that, taken together, these kinds of hacks are unprecedented. Here are some lessons.

There have been highly disruptive attacks before (on Saudi Aramco in 2012), political stunts (LulzSec), and ones that have inflicted high costs (Target, for one prominent example). Although the FBI described the sophistication of the Sony attack as “extremely high,” some cybersecurity experts say otherwise. But what is clearly new about these recent attacks are their wholesale breadth and brazenness.

Sony reportedly hardened its systems after the 2011 PlayStation Network breach caused it to lose information from 77 million user accounts. But hardening systems has focused on firewalls to keep threats out, constantly updating to keep abreast of changing threat signatures. The trouble with this focus is that it does not stay ahead of new threats.

Increasingly, cybersecurity is focusing on detection and resiliency for inevitable penetration of firewalls. The MIT Media Lab, for example, hardly uses any firewalls so it can enable its users to collaborate widely and launch websites without needing permissions. Security relies instead on monitoring systems thoroughly in order to establish a baseline, identifying anomalies such as a computer moving unusual volumes of data or communicating with suspect IP addresses, and responding rapidly when unusual behavior is observed by taking affected computers off the network.

Would measures like these have prevented the Sony or Anthem hacks? One would expect that monitoring could detect unusual access to or transmission of gigabytes of unreleased films or mass email accounts and set off some alarms.
The government would not issue sanctions against North Korea without a high level of confidence in the attribution of the Sony attack. Even so, some analysts insist it was an inside job.

A reason to suspect insider involvement is the breadth and scale of what was stolen. After all the best publicised thefts of information were accomplished by insiders; like Chelsea Manning and Edward Snowden. Snowden was able to take so much and make such broad statements about what he could learn about people because he had extraordinary access as a system administrator.

In the wake of the Snowden revelations, the NSA took steps to limit how much access a single systems administrator can have. The Sony attack is a reminder that other organizations need to do the same. 

Techcrunch:

« A Simple Guide to GCHQ's Hacking Powers
IT Governance Cyber Security Phishing Awareness Course »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MSAB

MSAB

MSAB is a pioneer in forensic technology for mobile device examination.

Identillect Technologies

Identillect Technologies

Identillect Technologies provide a user-friendly secure email solution to protect critical information, with an emphasis on simplicity.

Honeynet Project

Honeynet Project

The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools.

Telecommunications Industry Association (TIA)

Telecommunications Industry Association (TIA)

TIA works to secure trust in networks by advocating public policy positions on the security of ICT equipment and services related to critical infrastructure, supply chain and information sharing.

SKOUT Secure Intelligence

SKOUT Secure Intelligence

SkOUT Secure Intelligence (formerly Oxford Solutions) provides cyber security monitoring services to organizations around the globe.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Information Technology & Cyber ​​Security Service (STISC) - Moldova

Information Technology & Cyber ​​Security Service (STISC) - Moldova

STISC is a public institution whose purpose is to ensure the administration, maintenance and development of the information technology infrastructure in Moldova.

Culinda

Culinda

Culinda secures medical IoT devices in hospitals with An Artificial Intelligence platform and security gateway.

ICS Cyber Security Conference

ICS Cyber Security Conference

SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity.

Beauceron Security

Beauceron Security

Beauceron's cloud-based platform gives employees a powerful personal cyber-risk coach empowering them to improve their cybersecurity practices and behaviours.

VLATACOM Institute

VLATACOM Institute

Vlatacom Institute is privately owned accredited research and development institute, system integrator and turn-key solution provider. Areas of expertise include encryption and authentication.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

Privasee

Privasee

Make GDPR compliance simple with Privasee. Our software makes it easy to protect your data and ensure you’re compliant with the new regulations.

Star Lab

Star Lab

Star Lab specializes in the development and productization of embedded security technologies.

e-Safer

e-Safer

e-Safer's mission is to provide solutions and services that ensure a safer digital environment.

CrashPlan

CrashPlan

CrashPlan provides peace of mind through secure, scalable, and straightforward endpoint data backup.