Threat Lessons from Sony and Anthem

The cyberattack on Sony Pictures entertainment left plenty of roiled waters in its aftermath: lawsuits from employees whose personal information was leaked; apologies to President Obama and other subjects of hasty emails; US sanctions against North Korea and a war of words back and forth; and the irony of Sony turning to the entity most identified in those emails as a threat to its content distribution model, Google, to distribute “The Interview.”

The Anthem hack exposed a record number of customers. Such a large-scale attack on health records rather than payments, as in the comparable Target attack, raises questions as to just what information the hackers were seeking.

Now come reports of ISIS attacks on US websites. The hacker reportedly placed the black ISIS flag on the websites of several American businesses including a zoo in California and cocktail bar in Massachusetts, seemingly trolling the Internet for vulnerable, albeit lower-profile, targets. Even today it’s not possible to assess the full extent of the damage. But there is widespread agreement that, taken together, these kinds of hacks are unprecedented. Here are some lessons.

There have been highly disruptive attacks before (on Saudi Aramco in 2012), political stunts (LulzSec), and ones that have inflicted high costs (Target, for one prominent example). Although the FBI described the sophistication of the Sony attack as “extremely high,” some cybersecurity experts say otherwise. But what is clearly new about these recent attacks are their wholesale breadth and brazenness.

Sony reportedly hardened its systems after the 2011 PlayStation Network breach caused it to lose information from 77 million user accounts. But hardening systems has focused on firewalls to keep threats out, constantly updating to keep abreast of changing threat signatures. The trouble with this focus is that it does not stay ahead of new threats.

Increasingly, cybersecurity is focusing on detection and resiliency for inevitable penetration of firewalls. The MIT Media Lab, for example, hardly uses any firewalls so it can enable its users to collaborate widely and launch websites without needing permissions. Security relies instead on monitoring systems thoroughly in order to establish a baseline, identifying anomalies such as a computer moving unusual volumes of data or communicating with suspect IP addresses, and responding rapidly when unusual behavior is observed by taking affected computers off the network.

Would measures like these have prevented the Sony or Anthem hacks? One would expect that monitoring could detect unusual access to or transmission of gigabytes of unreleased films or mass email accounts and set off some alarms.
The government would not issue sanctions against North Korea without a high level of confidence in the attribution of the Sony attack. Even so, some analysts insist it was an inside job.

A reason to suspect insider involvement is the breadth and scale of what was stolen. After all the best publicised thefts of information were accomplished by insiders; like Chelsea Manning and Edward Snowden. Snowden was able to take so much and make such broad statements about what he could learn about people because he had extraordinary access as a system administrator.

In the wake of the Snowden revelations, the NSA took steps to limit how much access a single systems administrator can have. The Sony attack is a reminder that other organizations need to do the same. 

Techcrunch:

« A Simple Guide to GCHQ's Hacking Powers
IT Governance Cyber Security Phishing Awareness Course »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CIRCL

CIRCL

CIRCL is the national Computer Incident Response Center of Luxembourg

Authenware

Authenware

AuthenWare delivers the highest level of identity security based on behavioral biometrics.

Uniscon

Uniscon

Uniscon is a leading provider of cloud security solutions in Europe.

Bottomline Technologies

Bottomline Technologies

Bottomline Technologies is an innovator in business payment automation technology, helping companies make complex business payments simple, smart and secure.

CopSonic

CopSonic

Copsonic provide a technology solution based on ultrasonic waves to send secure and encrypted data between two devices in order to achieve authentication.

Vivitec

Vivitec

Vivitec security services are tailored for your business, industry, risk, technology, and size to ensure great protection and planned response for the inevitable cyber-attacks on your business.

Humming Heads

Humming Heads

Humming Heads offers a complete solution to fight the advanced threats that target a company's endpoints and servers.

ByteSnipers

ByteSnipers

ByteSnipers specialize in penetration testings and secure development services. Our focus is on your security.

Data Priva

Data Priva

Data Priva is the UK's leading subscription-based data protection, governance, risk and and compliance service.

Pionen

Pionen

Pionen are a specialist information security consultancy with excellent people and proven security delivery methodologies at its core.

Pulsant

Pulsant

Pulsant is the UK’s premier digital edge infrastructure company providing next-generation cloud, colocation and connectivity services.

MiC Talent Solutions

MiC Talent Solutions

MiC Talent Solutions provides recruiting, direct hire, augmented staff, and professional service contracting solutions for organizations searching for minority cybersecurity talent.

Smarsh

Smarsh

Smarsh products are designed for user-friendly, efficient compliance. From archiving, supervision, and discovery to cybersecurity – Smarsh has you covered.

SixMap

SixMap

SixMap is a continuous threat exposure management platform that automatically provides comprehensive enterprise visibility, contextual threat intelligence, and a suite of remediation actions.

Black Cipher Security

Black Cipher Security

Black Cipher is a New Jersey-based cybersecurity and incident response consulting firm.

Greenway Solutions

Greenway Solutions

Greenway Solutions are trusted advisors relied upon by our clients to combat sophisticated adversaries in the fraud and security domain.