Threat Lessons from Sony and Anthem

The cyberattack on Sony Pictures Entertainment left plenty of roiled waters in its aftermath: lawsuits from employees whose personal information was leaked; apologies to President Obama and other subjects of hasty emails; US sanctions against North Korea and a war of words back and forth; and the irony of Sony turning to the entity most identified in those emails as a threat to its content distribution model, Google, to distribute “The Interview.”

The Anthem hack exposed the records of an unprecedented number of customers. Such a large-scale attack on health records, rather than on payment data as in the comparable Target attack, raises the question of just what information the hackers were seeking.

Now come reports of ISIS attacks on US websites. The hacker reportedly placed the black ISIS flag on the websites of several American businesses, including a zoo in California and a cocktail bar in Massachusetts, seemingly trolling the Internet for vulnerable, albeit lower-profile, targets. Even today it is not possible to assess the full extent of the damage. But there is widespread agreement that, taken together, these hacks are unprecedented. Here are some lessons.

There have been highly disruptive attacks before (on Saudi Aramco in 2012), political stunts (LulzSec), and attacks that inflicted high costs (Target, for one prominent example). Although the FBI described the sophistication of the Sony attack as “extremely high,” some cybersecurity experts say otherwise. What is clearly new about these recent attacks is their wholesale breadth and brazenness.

Sony reportedly hardened its systems after the 2011 PlayStation Network breach cost it information from 77 million user accounts. But hardening has typically meant firewalls to keep threats out, constantly updated to keep abreast of changing threat signatures. The trouble with this focus is that a signature-based perimeter only recognizes attacks that have already been seen; it does not stay ahead of new ones.

Increasingly, cybersecurity is focusing on detection and resiliency, on the assumption that the perimeter will inevitably be penetrated. The MIT Media Lab, for example, hardly uses any firewalls, so that its users can collaborate widely and launch websites without needing permission. Security relies instead on monitoring systems thoroughly in order to establish a baseline of normal behavior, identifying anomalies such as a computer moving unusual volumes of data or communicating with suspect IP addresses, and responding rapidly when unusual behavior is observed by taking the affected computers off the network.
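
The baseline-then-anomaly approach described above, as an added worked example (not code from the article or from the MIT Media Lab): a week of constructed outbound flow records establishes a per-host daily egress baseline using the median and median absolute deviation, and a constructed eighth day is then checked for two of the signals the text names, a host moving far more data than its own norm and a host talking to a suspect address. The hostnames, the TEST-NET addresses, the blocklist and the threshold multiplier are all assumptions made for the illustration.

```python
"""Baseline-and-anomaly egress monitoring over constructed flow records."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import median

MB = 1_000_000

# Constructed sample data (not real telemetry): one quiet week of outbound
# flows per workstation, as (day, host, dst_ip, bytes_out). Each host moves
# roughly 45-70 MB/day to two ordinary external services.
BASELINE_FLOWS = []
for day in range(1, 8):
    for i, host in enumerate(("wks-01", "wks-02", "wks-03")):
        BASELINE_FLOWS.append((day, host, "198.51.100.10", (40 + 3 * day + i) * MB))
        BASELINE_FLOWS.append((day, host, "198.51.100.20", (5 + i) * MB))

# Day 8, also constructed: wks-02 pushes several GB out, wks-03 contacts an
# address on the blocklist, wks-01 behaves normally.
TODAY_FLOWS = [
    (8, "wks-01", "198.51.100.10", 52 * MB),
    (8, "wks-02", "198.51.100.10", 48 * MB),
    (8, "wks-02", "192.0.2.200", 4_200 * MB),
    (8, "wks-03", "198.51.100.10", 55 * MB),
    (8, "wks-03", "203.0.113.77", 2 * MB),
]

# Assumed blocklist of known-bad ranges (illustrative; TEST-NET-3 space).
SUSPECT_NETS = [ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Alert:
    host: str
    reason: str   # "egress_volume", "suspect_destination" or "no_baseline"
    detail: str


def daily_egress(flows):
    """Sum bytes_out per (day, host)."""
    totals = defaultdict(int)
    for day, host, _dst, nbytes in flows:
        totals[(day, host)] += nbytes
    return totals


def build_baseline(flows, min_mad=1 * MB):
    """Per-host robust baseline of daily egress as (median, MAD).

    Median/MAD rather than mean/stddev so that a single noisy day in the
    training window cannot inflate the threshold. MAD is floored so a host
    with perfectly constant traffic still gets a usable margin."""
    per_host = defaultdict(list)
    for (_day, host), total in daily_egress(flows).items():
        per_host[host].append(total)
    baseline = {}
    for host, totals in per_host.items():
        med = median(totals)
        mad = median(abs(t - med) for t in totals)
        baseline[host] = (med, max(mad, min_mad))
    return baseline


def detect(flows, baseline, suspect_nets=SUSPECT_NETS, k=5):
    """Return alerts for the flows of one day against a per-host baseline."""
    alerts = []
    # 1. Volume anomaly: today's egress far above the host's own norm.
    for (_day, host), total in sorted(daily_egress(flows).items()):
        if host not in baseline:
            alerts.append(Alert(host, "no_baseline", "host unseen in training window"))
            continue
        med, mad = baseline[host]
        if total > med + k * mad:
            alerts.append(Alert(host, "egress_volume",
                                f"{total // MB} MB today vs baseline {med // MB} MB"))
    # 2. Suspect destination, regardless of how little was sent.
    for _day, host, dst, nbytes in flows:
        if any(ip_address(dst) in net for net in suspect_nets):
            alerts.append(Alert(host, "suspect_destination", f"{nbytes // MB} MB to {dst}"))
    return alerts


def hosts_to_isolate(alerts):
    """Response step: the sorted set of hosts to pull off the network."""
    return sorted({a.host for a in alerts})


if __name__ == "__main__":
    found = detect(TODAY_FLOWS, build_baseline(BASELINE_FLOWS))
    for a in found:
        print(f"{a.host}: {a.reason} ({a.detail})")
    print("isolate:", hosts_to_isolate(found))
```

Two design points matter in practice. The volume threshold is relative to each host's own history, so a build server that routinely ships gigabytes does not trip the same rule as a workstation, and a host with no history at all is raised as its own alert rather than silently passed. The destination check is independent of volume: a small beacon to a listed address is exactly the kind of low-bandwidth signal a throughput-only rule would miss.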

Would measures like these have prevented the Sony or Anthem hacks? One would expect that monitoring could detect unusual access to, or transmission of, gigabytes of unreleased films or entire mailboxes and set off some alarms.

The government would not issue sanctions against North Korea without a high level of confidence in the attribution of the Sony attack. Even so, some analysts insist it was an inside job.

One reason to suspect insider involvement is the breadth and scale of what was stolen. After all, the best-publicised thefts of information were accomplished by insiders such as Chelsea Manning and Edward Snowden. Snowden was able to take so much, and to make such broad statements about what he could learn about people, because he had extraordinary access as a system administrator.

In the wake of the Snowden revelations, the NSA took steps to limit how much access a single systems administrator can have. The Sony attack is a reminder that other organizations need to do the same: no single account should be able to reach everything.

Techcrunch:
