Threat Lessons from Sony and Anthem

Uploaded on 2015-03-30 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

The cyberattack on Sony Pictures entertainment left plenty of roiled waters in its aftermath: lawsuits from employees whose personal information was leaked; apologies to President Obama and other subjects of hasty emails; US sanctions against North Korea and a war of words back and forth; and the irony of Sony turning to the entity most identified in those emails as a threat to its content distribution model, Google, to distribute “The Interview.”

The Anthem hack exposed a record number of customers. Such a large-scale attack on health records rather than payments, as in the comparable Target attack, raises questions as to just what information the hackers were seeking.

Now come reports of ISIS attacks on US websites. The hacker reportedly placed the black ISIS flag on the websites of several American businesses including a zoo in California and cocktail bar in Massachusetts, seemingly trolling the Internet for vulnerable, albeit lower-profile, targets. Even today it’s not possible to assess the full extent of the damage. But there is widespread agreement that, taken together, these kinds of hacks are unprecedented. Here are some lessons.

There have been highly disruptive attacks before (on Saudi Aramco in 2012), political stunts (LulzSec), and ones that have inflicted high costs (Target, for one prominent example). Although the FBI described the sophistication of the Sony attack as “extremely high,” some cybersecurity experts say otherwise. But what is clearly new about these recent attacks are their wholesale breadth and brazenness.

Sony reportedly hardened its systems after the 2011 PlayStation Network breach caused it to lose information from 77 million user accounts. But hardening systems has focused on firewalls to keep threats out, constantly updating to keep abreast of changing threat signatures. The trouble with this focus is that it does not stay ahead of new threats.

Increasingly, cybersecurity is focusing on detection and resiliency for inevitable penetration of firewalls. The MIT Media Lab, for example, hardly uses any firewalls so it can enable its users to collaborate widely and launch websites without needing permissions. Security relies instead on monitoring systems thoroughly in order to establish a baseline, identifying anomalies such as a computer moving unusual volumes of data or communicating with suspect IP addresses, and responding rapidly when unusual behavior is observed by taking affected computers off the network.

Would measures like these have prevented the Sony or Anthem hacks? One would expect that monitoring could detect unusual access to or transmission of gigabytes of unreleased films or mass email accounts and set off some alarms.
The government would not issue sanctions against North Korea without a high level of confidence in the attribution of the Sony attack. Even so, some analysts insist it was an inside job.

A reason to suspect insider involvement is the breadth and scale of what was stolen. After all the best publicised thefts of information were accomplished by insiders; like Chelsea Manning and Edward Snowden. Snowden was able to take so much and make such broad statements about what he could learn about people because he had extraordinary access as a system administrator.

In the wake of the Snowden revelations, the NSA took steps to limit how much access a single systems administrator can have. The Sony attack is a reminder that other organizations need to do the same. 

Techcrunch:

« A Simple Guide to GCHQ's Hacking Powers
IT Governance Cyber Security Phishing Awareness Course »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

OCERT

OCERT

OCERT is the National Computer Emergency Response Team of Oman.

Asigra

Asigra

Asigra provides an industry leading cloud backup and recovery software platform called Asigra Cloud Backup.

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium was created to encourage use-inspired research, training and technology awareness in cybersecurity.

Georgia Cyber Center

Georgia Cyber Center

Georgia Cyber Center is dedicated to training the next generation of professionals through education and real-world practice while also supporting innovation in new technologies for online defenses.

DeviceAssure

DeviceAssure

DeviceAssure enables organizations to reliably identify counterfeit and non-standard devices with a real-time check on a device's authenticity.

Buglab

Buglab

The Buglab contest and Vigilante Protocol help companies all over the world to discover and fix vulnerabilities on their digital solutions or assets.

LATRO Services

LATRO Services

LATRO Services is a complete solution provider to discover, locate, and eliminate telecom fraud.

Horiba Mira

Horiba Mira

Horiba Mira is a global provider of automotive engineering, research and test services including services and solutions for automotive cybersecurity.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

UKsec: Virtual Cyber Security Summit

UKsec: Virtual Cyber Security Summit

Join 100s of UK Cyber Security Leaders Online for Expert Cyber Security Talks, Strategy Insights, Cyber Resilience Tips and More.

SecureLogix

SecureLogix

SecureLogix deliver a unified voice network security and call verification solution. Protect against call attacks & fraud.

AlJammaz Technologies

AlJammaz Technologies

AlJammaz Technologies is the leading Technology Value-Added Distributor, which distributes advanced technology products, solutions and services in area including networking and cybersecurity.

Cegeka

Cegeka

Cegeka is a family-owned IT company providing end-to-end IT solutions, services & consultancy.

Oregon Systems

Oregon Systems

Oregon Systems is a Regional Leader & Distributor with value added services for OT, IoT, IIoT & IT Cybersecurity products, Solutions & professional services throughout the middle-east region.

Sev1Tech

Sev1Tech

Sev1Tech is a leading provider of IT modernization, cloud, cybersecurity, engineering, fielding, training, and program support services.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.