U.S. businesses are the target of continuous attacks from cyber criminal gangs and state-sponsored hackers. While high-profile incidents such as the Sony Pictures Entertainment hack may mark a trend in new, highly destructive attacks, there are also plenty of less high-profile threats that could damage the American economy.
Last week Sony Pictures suffered a major data breach when its corporate network was taken offline. The incident caused great alarm within law enforcement and intelligence agencies amid fears that a destructive cyberattack could seriously compromise the business processes of other companies operating on U.S. soil.
The Sony Pictures hack certainly creates a dangerous precedent. Similar attacks have targeted multinational companies in the past, but not with the same consequences for a U.S.-based company.
The attack is similar to the hack that blocked operations of the Saudi Aramco oil company in 2012. In that case, a computer virus dubbed Shamoon infected nearly 30,000 of the firm’s workstations. The Saudi Arabian company’s operations were also disrupted while all the targeted servers were cleaned and restored.
The Shamoon malware was subsequently used in an attack against Qatar-based RasGas that knocked its systems offline.
Last week’s Sony attack has raised concerns about imminent malware-based attacks that could compromise the U.S. economy. The FBI, for example, has already issued a confidential warning to U.S. businesses about possible malware-based attacks. The confidential "flash" warning includes technical details about the Sony attack’s highly destructive Wiper malware.
The malware is considered particularly dangerous because it can overwrite all data on infected computers’ hard drives, including the master boot record, preventing them from booting up.
Law enforcement has reportedly shared the five-page report with security staff at some U.S. companies via email.
"I believe the coordinated cyberattack with destructive payloads against a corporation in the U.S. represents a watershed event," said Tom Kellermann, chief cybersecurity officer at security software company Trend Micro, in a Reuters report. "Geopolitics now serve as harbingers for destructive cyberattacks."
The FBI report warns that incident response in case of attack could be very difficult, time-consuming and expensive, according to Reuters. Sony, which is working closely with law enforcement, says that its investigation into the hack is still ongoing.
There has also been plenty of speculation that North Korean hackers are behind the attack, although, at this stage, no official allegations have been made.
Experts, however, have noted that the attack appears timed to coincide with the forthcoming release of “The Interview,” a Sony Pictures film which has prompted outrage from North Korea. The film, which stars Seth Rogen and James Franco, depicts a CIA plot to assassinate North Korean leader Kim Jong-un.
Despite all the attention focused on the Sony Pictures hack, there are plenty of other cyber threats to the U.S. economic system. Cyber criminals, for example, are exploiting technology and hacking techniques to gain a financial advantage in the stock market.
Network security specialist FireEye recently issued a report on a hacking team dubbed FIN4, which specializes in hacking publicly traded companies, syphoning off sensitive information such as merger and acquisition data.
FIN4 has been active since at least mid-2013, according to experts, who say that its members are likely American due to their deep knowledge of Wall Street and use of English slang.
“FIN4 has pursued targets at more than 100 organizations, over two-thirds of which are public healthcare and pharmaceutical companies. The remaining targets include advisory firms that represent public companies and a handful of public companies in other sectors closely followed by market watchers,” said FireEye in its report.
FireEye warns that FIN4 is targeting top executives, legal counsel, researchers and outside consultants to gain insider information that could influence stock prices and give the attackers a significant trading advantage.
In contrast to the Sony case, the FIN4 team uses well-crafted spear phishing emails in an attempt to steal legitimate email credentials.
FIN4 is evidence that criminal organizations are evolving. By hacking systems they are able to steal sensitive financial data, which they then exploit for financial gain.
The scenario is both complex and insidious, with white collar workers and cyber criminals working together to gain an advantage in the financial markets.
Regardless of whether hackers are state-sponsored or members of a criminal gang, their attacks can cause both short and long-term damage to the entire U.S. economy.
Small and medium-sized businesses, in particular, are most at risk. With fewer security weapons in their arsenal, they are at a significant disadvantage with regard to Advanced Persistent Threats (APTs) that can operate stealthily, stealing intellectual property and sensitive data over a period of years.
The lack of expertise, resources and a proper security posture leaves these organizations exposed. In the majority of cases, these businesses enforce a security policy only after a data breach occurs, and often it is too late.
The U.S. economy needs an effective cyber security strategy that calls for the involvement of several actors, including law enforcement, private industries of all sizes and government entities, to prevent serious damage to its vital infrastructure.
Pierluigi Paganini is the author of the book “The Deep Dark Web” and founder of the Security Affairs blog.