The document summarizes the 2014 cyberattack on Sony Pictures that resulted in the theft of large amounts of sensitive data. It provides an overview of Sony as a company, describes how the attack occurred and what data was stolen, and analyzes the impact on data confidentiality, integrity and availability. It then lists and explains various security measures and tools that Sony could implement to prevent similar attacks in the future, such as encrypting passwords, limiting user privileges, implementing multi-factor authentication, and using security monitoring and analytics tools to detect anomalies. The document concludes that Sony needs to adopt best practices for security policies, procedures, user training, access controls and incident response to mitigate threats going forward.
A Guide to Internet Security For Businesses- Business.comBusiness.com
Recent revelations by National Security Agency (NSA) renegade contractor Edward Snowden have resulted in many businesses paying more attention to how secure their computer systems are. But even the most “cyber-savvy” businesses can have their computer networks hacked and compromised. Use this whitepaper to understand your threats, protective options, and trends in internet security for businesses.
Security weekly september 28 october 4, 2021 Roen Branham
Watch the full episode on Youtube: https://youtu.be/Tl3pVMaCN60
Security weekly september 28 october 4, 2021
We review the Cyber Security news events that happened from September 28 - October 4, 2021.
It seems like we've been hearing a lot about phishing in the news in recent years, and this threat hasn't abated yet. Why are attacks via phishing, and social engineering in general, so prevalent and so effective? This whitepaper examines the many different methods employed in phishing attacks and social engineering campaigns, and offers a solution-based approach to mitigating risk from these attack vectors.
The good, the bad and the ugly of the target data breachUlf Mattsson
The landscape of threats to sensitive data is rapidly changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to react properly to the shifts around them. What's needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
This webinar will cover:
Data security today, the landscape, etc.
Discuss a few recent studies and changing threat landscape
The Target breach and other recent breaches
The effects of new technologies on breaches
Shifting from reactive to proactive thinking
Preparing for future attacks with new techniques
This is for educational purposes only and not to be used as a means to scam or attack.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners.
A penetration test is often a key requirement for compliance with key regulations. But while many organizations know they need penetration testing, it can be hard to know how to fit them in to a larger security program, or even how to get started. Our whitepaper, "What is Penetration Testing? An Introduction for IT Managers," is a clear and succinct introduction to the core principles and best practices of penetration testing.
Verizon 2014 data breach investigation report and the target breachUlf Mattsson
The landscape of threats to sensitive data is changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to adapt to the shifts around them.
What’s needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
In this webinar, Protegrity CTO and data security thought leader Ulf Mattsson integrates new information from the Verizon 2014 Data Breach Investigation Report (DBIR) into his analysis on what is driving data breaches today, and how we can prevent them in the future.
KEY TOPICS INCLUDE:
• The changing threat landscape
• The effects of new technologies on breaches
• Analysis of recent breaches, including Target
• Compliance vs. security
• The importance of shifting from reactive to proactive thinking
• Preparing for future attacks with new technology & techniques
Investigation of Malware and Forensic Tools on Internet IJECEIAES
Malware is an application that is harmful to your forensic information. Basically, malware analysis is the process of analysing the behaviours of malicious code and then creating signatures to detect and defend against it. Malware, such as Trojan horses, worms and spyware, severely threatens forensic security. This research observed that although malware and its variants may vary a lot in their content signatures, they share some behaviour features at a higher level which are more precise in revealing the real intent of malware. This paper investigates the various techniques of malware behaviour extraction and analysis. In addition, we discuss the implications of malware analysis tools for malware detection based on various techniques.
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
Watch the full episode on Youtube: https://youtu.be/M5Gsjwsnxtg
More than 10 million Android users have been saddled with a malware called GriftHorse that’s trojanizing various applications and secretly subscribing victims to premium mobile services – a type of billing fraud that researchers categorize as “fleeceware.”
Zimperium uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories. Some of them have basic functionality, and some of them do nothing, researchers said. In either case, once installed, they lead to victims being billed for premium services – but phone-owners are usually none the wiser until they take a look at their mobile bills.
How To Protect Your Website From Bot Attacks is a one-hour continuing education course. After successfully completing the course and final exam, you will be awarded a certificate of completion that you can use towards fulfilling your continuing education requirements.
Top Solutions and Tools to Prevent Devastating Malware White PaperNetIQ
Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring (FIM) tools that provide immediate alerts.
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxarnoldmeredith47041
Information Security Issues Faced by Organizations. In any organization, information security threats may be many, such as software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion. A threat can be anything that can take advantage of a vulnerability to breach security and negatively alter, erase, or harm an object or objects of interest. Software attacks mean an attack by viruses, worms, Trojan horses and so forth. Many users believe that malware, viruses, worms and bots are all the same thing. But they are not the same; the only similarity is that they are all malicious software that behaves differently. Apart from these threats, there are some troublesome information security threats. They are: Cyberattack threats: Cyber-attacks are, of course, organizations' top concern. There are many ways cybercriminals can target organizations. Each will cause different types of damage and needs to be defended against in different ways. Some attacks, such as phishing campaigns, are typically designed to steal personal data. Others, such as ransomware and denial-of-service attacks, have several possible aims, ranging from extorting money to disrupting business operations for political reasons. Cyber threats, unfortunately, are becoming an increasing risk in today's smart world. But what exactly is a cyber threat? A cyber threat is an act or possible act which intends to steal data (personal or otherwise), harm data or cause some kind of digital harm. Today, the term is almost exclusively used to describe information security matters. Because it's hard to visualize how digital signals traveling across a wire can represent an attack, we've taken to visualizing the digital phenomenon as a physical one.
A cyber-attack is an attack that is mounted against an organization (meaning our digital devices) by means of cyberspace. Cyberspace, a virtual space that doesn't exist, has become the metaphor to help us understand digital weaponry that intends to harm us. What is real, however, is the intent of the attacker as well as the potential impact. While many cyberattacks are mere nuisances, some are quite serious, even potentially threatening human lives. Malware: Software that performs a malicious task on a target device or network, e.g. corrupting data or taking over a system. Ransomware: An attack that involves encrypting data on the target system and demanding a ransom in exchange for letting the user have access to the data again. These attacks range from low-level nuisances to serious incidents like the locking do.
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Alisha Deboer
Cyber terrorists are sophisticated, organized and disruptive to your business. How prepared are you? Explore the landscape of malicious actors most likely to strike your business and what you can do about it.
Perform a search on the Web for articles and stories about social en.pdffasttrackcomputersol
Perform a search on the Web for articles and stories about social engineering attacks or reverse
social engineering attacks. Find an attack that was successful and describe how it could have
been prevented.
Solution
Answer:
According to Computer Weekly, social engineering attacks were the most common hacking technique
used in 2015. What's more, there's no sign of it slowing down; in 2016, 60 percent of
enterprises were victims of a social engineering attack of some kind.
Furthermore, according to EMC, phishing attacks, the easiest and most common type of social
engineering attack, resulted in almost $6 billion in losses in 2013 alone, spread out
over around 450,000 separate compromises.
Some hurt worse than others, but all resulted in a serious enough shake-up
for security managers to recalibrate their respect for the vector, examine their protocols,
and make educating staff a top priority.
Here's our pick for five of the biggest social engineering attacks ever.
5. 2011 RSA SecurID Phishing Attack
Security firms ought to be the most secure targets when it comes to an information system attack, yet
they are also juicy targets that draw more than their share of attempts.
In 2011, one of these attacks bit encryption giant RSA and succeeded in netting
hackers valuable information about the company's SecurID two-factor authentication fobs.
Although RSA initially denied that the information could help hackers compromise
anyone using SecurID, defense contractor Lockheed Martin soon detected
hackers attempting to breach its network using stolen SecurID data. RSA backpedaled
quickly and agreed to replace most of the distributed security tokens.
All this trouble came down to four employees at RSA parent company EMC. Attackers sent
them email with a spoofed address purporting to be from a job recruitment site, with an Excel
attachment titled 2011 Recruitment Plan. It wasn't clear why the employees would care
about a spreadsheet from a third-party site, but they opened it, and a zero-day Flash
exploit buried in the spreadsheet installed a backdoor on their work machines that soon
exposed the keys to the kingdom.
4. 2015 Ubiquiti Networks Scam
Not all hackers are looking for sensitive information; sometimes they simply want cold, hard
cash.
In 2015, Ubiquiti, a specialized manufacturer of Wi-Fi hardware and software based in San Jose,
found this out the hard way when its finance department was targeted in a
fraud scheme revolving around employee impersonation.
The company never revealed exactly how the attack was orchestrated, but said that the
accounting department received email purporting to be from the company's Hong Kong subsidiary.
Typically, such emails contain instructions regarding changes in payment account
details or new selle.
Deep Learning based Threat / Intrusion detection systemAffine Analytics
The article is about a Threat/Intrusion Detection System, which could be used to detect such data leaks/breaches & take a preventive action to contain, if not stop the damage due to breach.
The Best Online Security Service for
CIM – Central Management
Log Monitoring
Intrusion Detection Systems
Firewall Monitoring System
Host based IDSs
Vulnerability Scanning
Evidence Retention
CIM Intelligence
A must to see for all,......!!!
Companies are struggling to deal with the unstoppable growth of cyber-attacks as hackers get faster, sneakier and more creative. The bad news is - no company is immune, no matter how big or small you are. Without a proper understanding of zero-day threats, companies have no way of exposing the gaps of overhyped security solutions.
Zero-day exploit leaves NO opportunity for detection. This presentation will highlight critical insights combating zero-day threats.
Case Study 2 On November 24 2014 Sony Pictures Entertainme.pdfaccuraprintengineers
Case Study 2: On November 24, 2014, Sony Pictures Entertainment found out it had been hacked.
The hackers were able to penetrate Sony systems and networks and take over 100 terabytes of
company information, including trade secrets, email, and personnel records. Several Sony Twitter
accounts were also taken over. The hackers then installed on Sony's computers a piece of
malware called Wiper, which erased data from the company's servers and PCs. Investigators
concluded that the hackers spent more than two months, from mid-September to mid-November
2014, mapping Sony's computer systems, identifying critical files, and planning how to destroy
computers and servers. The malware made many Sony employees' computers inoperable and full
recovery difficult or impossible, slowing down company operations. Sony shut down its internal
computer network to prevent the data-wiping software from causing further damage, forcing many
employees to use paper and pen. Systems from which the company generates revenue, including
those involved with marketing and distributing films and TV shows, were the first to be restored.
The hackers, who called themselves the Guardians of Peace, released some of the stolen
information to the public and threatened to release more. That information included very
confidential and potentially embarrassing tidbits about Sony staff; partners; Hollywood stars,
including Sylvester Stallone, director Judd Apatow, and Australian actress Rebel Wilson; and
President Obama. Confidential personal information about employees such as names; addresses;
47,000 Social Security numbers; and financial details was also stolen. The personal data, along
with contracts and other sensitive Sony documents, were posted on file-sharing networks such as
BitTorrent. The hackers also posted five Sony films to online file-sharing sites, including Brad Pitt's
Fury and a remake of the musical Annie. These films had not yet been released, so the hackers
were essentially giving them away free before Sony could bring them to market. Sony quickly
organized internal staff to deal with this problem and contacted the FBI and the private security
firm FireEye to find ways to protect employees whose personal data had been exposed by the
hack, repair the damaged computers, and hunt down the hackers. The attack may have been
motivated in part by Sony's plans to release a film called The Interview about two bumbling TV
reporters trying to assassinate North Korean leader Kim Jong-un. North Korean officials had
previously expressed objections to the film at the United Nations. A December 16, 2014, message
from the Guardians of Peace threatened terrorist actions at theaters showing the film. Sony pulled
the film from theatrical release the next day, and a number of U.S. theater chains announced they
would not screen the film. U.S. government officials stated on December 17 that they believed the
North Korean government was involved with the Sony hack, pointing to North Korean hacker.
(2015) These slides show the audience how APTs work and how they can cause a massive data breach at one famous company in the US. Lesson learned: keep security in mind for the sake of your business.
How to protect the cookies once someone gets into the cookie jarJudgeEagle
A new and innovative software solution designed to protect sensitive data stored in a company's database from breaches that goes beyond mere data encryption and significantly increases the level of protection of their sensitive data.
How to protect the cookies once someone gets into the cookie jar
SEC 573 Project 1 2.22.15
Timothy S. Haney
SEC 573: E-Business Security
Research Project 1
Sony Breach
Professor Ed Sadeghi
Week 3
2/22/15
Table of Contents
Company Overview
Analysis
Hacker Warning Picture
Phishing Diagram
Solutions
Kill Chain Model Diagram
Conclusion
References
Company Overview
Sony Corporation of America is based in New York, and is a subsidiary of Japan’s Sony
Corporation. Sony’s principal businesses include Sony Music Entertainment Inc., Sony/ATV
Music Publishing, Sony Pictures Entertainment Inc., Sony Electronics Inc., and Sony Computer
Entertainment Inc. Sony announced total revenue of $75.5 billion in 2014, the highest the
figure has been since 2008 (Statista, 2015). Sony specializes in producing movies, music, game
consoles, and personal electronics, among other products and services.
Analysis
On November 22, 2014, a group calling itself #GOP (the Guardians of Peace), displayed a
screen shot on every company PC showing a red skull with warnings and threats of extortion.
Sony’s Twitter accounts were also seized by the hackers, who posted an image of Sony CEO
Michael Lynton in hell (Zetter, 2014). It was at this moment when many servers and PCs started
crashing. The network was unusable and had to be shut down. The hackers were believed to be
from North Korea, and had supposedly infiltrated Sony’s system for approximately a few
months to a year before anyone was aware. The attackers appeared to be skilled and very
knowledgeable about Sony’s system. In the months prior to the warnings posted on the PCs,
the hackers leaked large amounts of highly sensitive information online in the form of
unreleased movies and film scripts, network usernames and passwords, network architecture
information, employee health care data, salary data, social security numbers, and email
communications (Alvarez, 2014; Krebs on Security, 2014). Approximately 100 terabytes of data
were stolen from Sony’s systems (Zetter, 2014).
Fig. 1: Screenshot of the “red skull” warning that appeared on Sony’s computers on the day the GOP
hacker group made themselves known (Zetter, 2014).
It is still unclear exactly how this breach occurred. Many hacks of this type start with a
phishing attack, which involves sending emails to employees to get them to click on malicious
attachments or links to websites where malware is actively downloaded to their machines
(Zetter, 2014). The other, more likely scenario involves the hackers obtaining the user
credentials from a disgruntled employee in exchange for money or revenge. Once the attackers
possessed the administrator credentials, they were able to map the network and gain access to
other protected systems. This access enabled them to look at the network architecture for
servers and databases around the world, and obtain all of the usernames and passwords for
this equipment. Within the information they obtained was a list of routers, switches, and load
balancers with usernames and passwords to administer them. Sony had to completely shut
down its network once it detected the attack in order to re-structure and secure the network.
Fig. 2: Graphic describing the process of a malware phishing attack commonly used to enable hackers to obtain
usernames and passwords from users.
This event was extremely damaging to Sony’s reputation. It was very embarrassing to
have all of this sensitive data leaked online. More importantly for Sony’s bottom line, however,
was that the stolen data also included the script for an unreleased TV show pilot by Vince
Gilligan, the creator of Breaking Bad, as well as full copies of several Sony films, most of which
had not been released in theaters yet (Zetter, 2014).
An FBI warning was released the week of the Sony hack alerting companies and
organizations about destructive malware designed to destroy data. The alert warned users
about malware capable of wiping data from systems in such an effective way as to make the
data unrecoverable (Zetter, 2014). The memo warned about how the malware has the
capability to overwrite a victim host’s master boot record (MBR) and all data files. The
overwriting of data files makes it extremely difficult and costly, if not impossible, to recover the
data using standard forensic methods (Zetter, 2014).
Once analyzed, the malware was shown to contain a hard-coded list that named 50
internal Sony computer systems based in the U.S. and U.K. that the malware was attacking, as
well as the log-in credentials it used to access them. To do the wiping, the attackers used a
driver from a commercially-available product designed to be used by system administrators for
legitimate maintenance of systems. The product is called RawDisk and is made by Eldos. The
driver is a kernel-mode driver used to securely delete data from hard drives or for forensic
purposes to access memory (Zetter, 2014).
Some of the malware files examined appear to have been compiled on a machine that
was using the Korean language. This refers to the encoding language on a computer, which is the
language spoken by the user. The FBI has claimed it hacked North Korea a year ago, and has
evidence from the malware which it released on the North Korean network indicating the IP
addresses of the known Korean hackers are the same as the IP addresses used in the attack
against Sony. The hack also coincided with the releasing of the movie The Interview, about an
assassination attempt by the U.S. on Kim Jong Un, leader of North Korea.
The potential damages to Sony for the stolen data are loss of reputation, a drop in stock
price, and a decrease in consumer confidence. People will be less likely to shop at Sony for fear
of having their credit card information leaked online on the Internet for everyone to see. Sony
will lose out on a lot of potential revenue for the movies and scripts which were leaked online.
Potential employees may not want to work at Sony for fear of their private information being
hacked.
This hack had a noted effect on data confidentiality, integrity, and availability. Data
confidentiality is affected when unauthorized individuals or groups have access to sensitive
information. In the case of the Sony breach, when the private company’s information, movies,
medical history, and other sensitive data was leaked online, this affected data confidentiality.
Sony’s data integrity was affected when the malware deleted the files from the servers and
databases. Data integrity is affected when data is altered or changed. When the hackers shut
down the system by deleting the MBR on servers and databases making the network unusable,
Sony had to shut down and re-architect the network, thus affecting data availability. Data
availability is affected when the data is not available to use.
For risk assessment of assets, risk equals vulnerability multiplied by threat. We assess
assets for vulnerabilities and remove them to decrease risk. We still have to take into account
the potential threats. A threat is an object, agent, or event that could cause damage to the
organization’s assets. Threats typically cannot be eliminated altogether. Acts of nature, for
instance, are beyond our control; so, too, are most threats. We can prosecute a hacker, but we
cannot eliminate the threat that hackers pose. According to Verizon’s Data Breach
Investigation Report (DBIR), 92% of the attacks in the last ten years have been either cyber-
espionage, DoS attacks, crimeware, web application attacks, insider misuse, miscellaneous
errors, physical theft & loss, payment card skimmers, or point-of-sale intrusions (Verizon,
2015).
According to the Verizon DBIR, the most likely attacks are web application attacks and
cyber-espionage (Verizon, 2015). The threat for the Sony breach was probably a combination
of cyber-espionage and insider misuse. It is likely an insider gave administrator credentials to
the hackers. Once inside the network, the hackers took advantage of the unencrypted
passwords for all of the servers, databases, routers, and switches around the world, which were
easily accessible in one data folder. The fact that all these important passwords were
unencrypted is an indicator of compromise (IOC). The threat (in this situation, the group of
hackers) could use this information to cause a lot of damage. Another IOC could be if one of
the hackers left a USB drive in the parking lot of Sony and one of the Sony employees plugged it
into the system, giving the attackers access to the network. To mitigate these threats,
Lockheed Martin’s Computer Incident Response Team has created an intelligence-driven
defense process, Cyber Kill Chain, which allows information security professionals to proactively
remediate and mitigate advanced threats in the future. By using this tool, Sony could anticipate
what the threats will do and put controls into place to minimize the threat.
Solutions
There are potentially many controls Sony could put into place to mitigate potential
threats. One control to put into place could be to stop a disgruntled employee with escalated
privileges from attacking or allowing the network to be attacked by outside intruders. A
common challenge organizations are faced with is balancing end user productivity with security.
Sony leaned too far towards a user-friendly system, allowing the attackers to move freely
throughout the organization once compromised. It is typical that companies which permit
users to run as administrators are more susceptible to a breach. If this was the entry point,
removing end user admin permission would be a key change (Tribbey, 2014). The users would
have only need-to-know access—for example, the ability of systems admins to perform
application and database privileges would be restricted (Quora, 2014).
The passwords that the hackers found were in clear-text documents. A very obvious
control to put into place would be encryption of all passwords on the shared network and
desktops. Attackers would have a much tougher time obtaining passwords if they were
encrypted. A policy stating that no passwords can be stored in clear-text should be
implemented and must be enforced.
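One way to enforce the no-clear-text policy described above is to scan shared folders for credential-like content. The script below is an added example, not part of the original paper; the regular expressions, file suffixes, size limit and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed patterns (not from the paper): a credential label, ':' or '=', then a value.
LABEL = re.compile(r"(?i)(password|passwd|pwd|passphrase|secret)\s*[:=]\s*(\S+)")
# Values that already look hashed or encrypted are not cleartext findings.
PROTECTED = re.compile(r"^(\$2[aby]\$|\$6\$|\$argon2|\{SSHA\}|ENC\()")
SUSPECT_NAME = re.compile(r"(?i)(password|passwd|credential|login)")
TEXT_SUFFIXES = {".txt", ".csv", ".cfg", ".conf", ".ini", ".md", ".log"}
MAX_BYTES = 1_000_000  # skip very large files


def scan_file(path):
    """Return (path, line number, reason, masked value) tuples for one file."""
    findings = []
    if SUSPECT_NAME.search(path.stem):
        findings.append((str(path), 0, "suspicious filename", ""))
    if path.suffix.lower() not in TEXT_SUFFIXES or path.stat().st_size > MAX_BYTES:
        return findings
    text = path.read_text(encoding="utf-8", errors="replace")
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in LABEL.finditer(line):
            value = m.group(2)
            if PROTECTED.match(value):
                continue
            # Report only the length, never the secret itself.
            findings.append((str(path), lineno, m.group(1).lower(), "*" * len(value)))
    return findings


def scan_tree(root):
    """Walk a folder tree (for example a mounted file share) and scan every file."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            findings.extend(scan_file(p))
    return findings


def demo():
    """Build a constructed sample share in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "net").mkdir()
        (root / "net" / "router_passwords.txt").write_text(
            "core-rtr-01 user=admin password=Example123!\n"
            "lb-02 user=ops pwd: AnotherExample\n", encoding="utf-8")
        (root / "app.conf").write_text(
            "db_password = $2b$12$constructedhashvalue\n", encoding="utf-8")
        (root / "notes.md").write_text(
            "Reset your password via the portal.\n", encoding="utf-8")
        return [(Path(f).name, n, why, masked)
                for f, n, why, masked in scan_tree(root)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The report masks every value, so the scan output does not itself become another clear-text password list.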
Another control to put into place would be user awareness training detailing best
practices for security. It would also explain how to avoid common phishing scams. A strong
spam blocker from Microsoft could be implemented. The product will send malicious emails
with attachments to the spam folder to be flagged and checked.
Sony could hire a new CISO (chief information security officer) to rewrite Sony’s security
policies and procedures to coincide with best practices and standards. This officer would
attempt to go above and beyond minimum requirements to gain back the confidence in their
company which was lost due to the breach. The CISO would be responsible for configuring all
tools properly. Companies have many information security tools, but they do no good unless
configured properly. The CISO must also put the processes in place to monitor and use the
tools correctly. Tools are useless without processes. The CISO should implement a plan for
regular audits and an incident response plan (DRP/BCP), which should be tested regularly.
Sony did not manage the personally identifiable information well. This information
could be encrypted, and segmented and isolated from the rest of the network. It should
go on the high-risk asset list to be watched over more carefully than less important data.
A new policy could be put into place to not allow USB ports to upload/download
information. The product USB Block will prevent theft and data leakage of important files,
documents and source codes from devices like USB Drives, CD/DVD, and network computers.
Sony can white-list their own USB drives and devices. Whenever an unauthorized device is
detected, a password prompt comes up (USB Block, 2015).
Sony’s attackers indicated on screenshots that their doors were no longer locked. Sony
could hire security guards to increase physical security to check for intruders piggybacking an
employee at the entrance. A badge should be required to enter the garage, garage elevator,
the building, and to use the elevator in the building. High-resolution cameras should be
installed everywhere to view license plates and faces.
Sony could invest in some tools to detect the intruders while they are still in the
beginning enumeration phase of hacking. The FireEye network security malware tool
recognizes the behavior of viruses while in transit. This tool blocks zero-day web exploits due
to the behavioral anomaly technology. It also blocks multi-protocol callbacks to help scale their
advanced defenses across a range of deployments. When the viruses call back to the sender
(attacker) the software tracks the destination of the callback to find a location. This product is
designed to detect malware on a system. This tool would prevent future attacks using malware
to steal sensitive company data (FireEye, 2014).
Another useful product Sony could implement is the log management device Splunk.
Splunk provides the industry-leading software to consolidate and index any log and machine
data, including structured, unstructured, and complex multi-line application logs. You can
collect, store, index, search, correlate, visualize, analyze, and report on any machine-generated
data to identify and resolve operational and security issues in a faster, repeatable, and more
affordable way. It is an enterprise-ready, fully integrated solution for log management data
collection, storage and visualization (Splunk, 2015). This tool would help accumulate the data
needed to find an intruder. The event data goes from Splunk to a syslog server to be stored.
The tool Exabeam could be used for behavioral analysis. Exabeam adds security
intelligence on top of existing SIEM (security information and event management) and log
management data repositories to understand a complete picture of the user session, allowing
the technology to detect and assemble the full attack chain. The Exabeam User Intelligence
solution uses a powerful combination of session assembly and Stateful User Tracking, behavior
analysis and risk scoring to automatically determine the likelihood of an attack and prioritize
responses. The product specializes in behavior analysis, but performs many functions, such as
enhancing current SIEM investments, detecting threats in real time, and customizing deployment. The
behavior analysis learns user and peer group behavior and characteristics across multiple
dimensions. Dimensions can be time, day of the week, location, or object access, and each
dimension is compared against the normal baseline. Then anomalies are identified (Exabeam,
2015). This tool will notify the security team that something is not right within a certain user’s
behavior because it would not be consistent with the observed pattern of normal user
behavior.
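The baseline-and-compare idea described above, as an added example that is not part of the original paper and is not Exabeam's algorithm: each dimension of a new event is checked against the user's own history and then against the peer group's. The log format, the MIN_SHARE and ALERT_AT values, and all sample events are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

DIMENSIONS = ("hour_band", "weekday", "location", "object")
MIN_SHARE = 0.05   # assumed: below this share of past events a value is unusual
ALERT_AT = 2.0     # assumed alert threshold (maximum score is len(DIMENSIONS))

# Constructed log lines: ISO timestamp, user, peer group, location, object accessed.
HISTORY = """\
2014-11-03T09:02 alice it-admin hq ticketing
2014-11-04T09:10 alice it-admin hq ticketing
2014-11-05T08:55 alice it-admin hq ticketing
2014-11-03T10:00 bob it-admin hq router-config
2014-11-04T10:05 bob it-admin hq router-config
2014-11-05T10:01 bob it-admin hq router-config
"""
NEW_EVENTS = """\
2014-11-11T09:30 alice it-admin hq router-config
2014-11-09T03:12 alice it-admin remote-unknown hr-payroll
"""


def parse(line):
    ts, user, group, location, obj = line.split()
    t = datetime.fromisoformat(ts)
    return {"user": user, "group": group, "location": location, "object": obj,
            "hour_band": "business" if 8 <= t.hour < 18 else "off-hours",
            "weekday": t.weekday()}


def learn(lines):
    """Count how often each value occurs per dimension, per user and per group."""
    base = defaultdict(Counter)
    for ev in map(parse, lines):
        for dim in DIMENSIONS:
            base[("user", ev["user"], dim)][ev[dim]] += 1
            base[("group", ev["group"], dim)][ev[dim]] += 1
    return base


def share(counter, value):
    total = sum(counter.values())
    return counter[value] / total if total else 0.0


def score(base, ev):
    """1.0 per dimension that is unusual for the user, halved if peers do it."""
    detail = {}
    for dim in DIMENSIONS:
        if share(base[("user", ev["user"], dim)], ev[dim]) >= MIN_SHARE:
            detail[dim] = 0.0
        elif share(base[("group", ev["group"], dim)], ev[dim]) >= MIN_SHARE:
            detail[dim] = 0.5
        else:
            detail[dim] = 1.0
    return sum(detail.values()), detail


def triage(history=HISTORY, new=NEW_EVENTS):
    """Return (timestamp, score, alert?, per-dimension detail) for each new event."""
    base = learn(history.splitlines())
    results = []
    for line in new.splitlines():
        total, detail = score(base, parse(line))
        results.append((line.split()[0], total, total >= ALERT_AT, detail))
    return results
```

The first new event is unusual for the user but normal for her peer group, so it scores low; the second deviates on every dimension and crosses the alert threshold.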
The managed security services of Solutionary could really help out Sony’s security team.
Solutionary delivers flexible managed security services that work the way the clients want;
enhancing their existing security program, infrastructure, and personnel while relieving the
information security and compliance burden. Solutionary combines deep security expertise and
proven operational processes with the patented, cloud-based ActiveGuard security and
compliance platform to improve security and address compliance with regulations such as PCI
DSS (payment card industry data security standard), HIPAA (health insurance portability and
accountability act), GLBA (Gramm–Leach–Bliley act), Sarbanes-Oxley, and more (Solutionary,
2015). Sony likely has millions of events generated each day for their security team to look
over. Solutionary has trained engineers ready to take over that monitoring position.
Companies like Target could have used Solutionary to catch the high risk events. Sony could
use this service to notice the attackers once the notification is generated by Splunk.
The kill chain model has seven phases, which are reconnaissance, weaponization,
delivery, exploitation, installation, command and control, and actions on objectives. The steps
involve gathering information, creating a malicious program to infiltrate, delivery of the
program, installing the program on the network, taking command of the network, achieving the
goal with keyboard power over the network. These threats are much tougher now than 15
years ago. The threats now are considered APT (advanced persistent threat). The APT will get
on the network and stay as long as possible until detected. Companies with weak information
security infrastructures are easy prey for these advanced attackers.
Conclusion
There are many policies, procedures, products, and services that will effectively mitigate
the risk of the e-commerce threat. There were many IOCs (indicators of compromise) revealed
at the Sony breach which should indicate to Sony that they must implement controls to
mitigate the threat. Sony should use these IOCs to create a kill chain framework. The kill chain
framework will focus on the threat instead of the assets. The threat would exploit the
weaknesses I have described earlier to infiltrate the network. Controls will be put into place to
mitigate the threat. The changes should start with a new CISO, enforcing industry policies and
procedures for best practices. The FireEye, Splunk, and Exabeam tools, if implemented with
proper processes, will effectively mitigate a similar intruder in the future by noticing behavior
anomalies and flagged events. The services of Solutionary could facilitate that idea to be
handled properly. The users should not have too many privileges in case of a disgruntled
employee, passwords should not be stored in clear-text (policy of encrypting passwords should
be implemented), and USBs should not be used to upload or download information from the
network. The CISO should implement user awareness training for better email security, stricter
physical security, regular audits, and DRP/BCP with regular testing.
References
Alvarez, E. (2014, December 10). Sony Pictures hack: the whole story. Retrieved from
http://www.engadget.com/2014/12/10/sony-pictures-hack-the-whole-story/
Exabeam. (2015). Exabeam Solution Overview. Retrieved from
http://www.exabeam.com/wp-content/uploads/Exabeam_SolutionOverview_v0115.pdf
FireEye. (2014). FireEye Network Threat Prevention Platform. Retrieved from
https://www.fireeye.com/content/dam/fireeye-www/global/en/products/pdfs/fireeye-network-threat-prevention-platform.pdf
Krebs on Security. (2014, December 2). Sony Breach May Have Exposed Employee Healthcare,
Salary Data. Retrieved from
krebsonsecurity.com/2014/12/sony-breach-may-have-exposed-employee-healthcare-salary-data/
Quora. (2014, December 23). What Do Security Professionals Think Sony Should Have Done
Differently Between the 2011 Playstation Hack and the 2014 Sony Pictures Hack to Protect
Themselves? Retrieved from
http://www.quora.com/What-do-security-professionals-think-Sony-should-have-done-differently-between-the-2011-Playstation-Hack-and-the-2014-Sony-Pictures-Hack-to-protect-themselves
Solutionary. (2015). Managed Security Services | Solutionary. Retrieved from
http://www.solutionary.com/services/managed-security-services/
Splunk. (2015). Log management solutions: tap log data to see what's happening in your
business | Splunk. Retrieved from
http://www.splunk.com/en_us/solutions/solution-areas/log-management.html
Statista. (2015, January). Sony business segments sales share 2014 | Statistic. Retrieved from
http://www.statista.com/statistics/279272/proportion-of-sonys-sales-by-business/
Tribbey, C. (2014, December 22). Experts: Lessons to be learned from Sony Cyber Attack
(CDSA): Content Delivery and Security Association. Retrieved from
http://www.cdsaonline.org/latest-news/experts-lessons-to-be-learned-from-sony-cyber-attack-cdsa/
USB Block. (2015). USB Block - Data Leak Prevention Software - Free Download. Retrieved from
http://www.newsoftwares.net/usb-block/
Verizon. (2015, January). 2014 Verizon Data Breach Investigations Report (DBIR) | Verizon
Enterprise Solutions. Retrieved from http://www.verizonenterprise.com/DBIR/2014/
Zetter, K. (2014, December 3). Sony Got Hacked Hard: What We Know and Don't Know So Far |
WIRED. Retrieved from http://www.wired.com/2014/12/sony-hack-what-we-know/