Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

12/16/2014
03:40 PM
Sara Peters
Sara Peters
Quick Hits
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Sony Warns Media About Disclosure, Staff About Fraud, 'Bond' Fans About Spoilers

A wrapup of the latest Sony attack fallout.

Sony is trying to stem the bleeding of its most recent colossal, complex cyberattack, but new corporate secrets keep spilling out. The latest leak is a draft script for the next James Bond film, Spectre.

This week, Sony alerted its staff to be on the lookout for fraudulent use of their identity information. The company confirmed that employees' Social Security numbers, credit card details, bank account information, healthcare information, and data about salary and compensation were exposed.

Also, journalists picking through the pile of internal Sony emails are unearthing conversations between company executives and others in Hollywood that are embarrassing, to say the least. BuzzFeed published some emails between Sony Pictures co-chair Amy Pascal and Scott Rudin, the producer of Moneyball, The Girl With the Dragon Tattoo, and many other big Hollywood movies.

Before a fundraiser for President Obama, Pascal and Rudin had a conversation that devolved into them joking about what the president's favorite films might be. They mention movies about slavery (Django Unchained and 12 Years A Slave), a movie about an African-American servant who works in the White House (The Butler), and two movies that star the African-American comedic actor Kevin Hart (Think Like A Man and Ride-Along).

In a long series of emails published by Gawker, Rudin called Angelina Jolie a "minimally talented spoiled brat" and producer Megan Ellison (daughter of Larry) a "28-year-old lunatic."

In response to those disclosures, Sony is now threatening the news media with legal action. Saturday, David Boies, a famous attorney representing the company, issued a letter to news organizations Saturday -- including Re/code, Gawker, The New York Times, The Wall Street Journal, the Los Angeles Times, Variety, and Bloomberg -- demanding that they cease using leaked data and destroy all copies of it.

    We are writing to ensure you are aware that [Sony Pictures Entertainment (SPE)] does not consent to your possession, review, copying, dissemination, publication, uploading, downloading, or making any use of the Stolen Information, and to request your cooperation in destroying the Stolen Information...

    Failure to comply means SPE will have no choice but to hold you responsible for any damage or loss arising from such dissemination by you, including any damages or loss to SPE or others, and including, but not limited, to any loss of value of intellectual property and trade secrets resulting from your actions.

It's rumored that Sony has also gone on the offensive in other ways. Re/code reported that two unnamed sources told them Sony was using Amazon Web Services servers in Asia to launch DDoS attacks against websites where the stolen data is available. Amazon has denied being a part of any such activity.

The scope of the Sony attack is certainly broad. "This attack is unprecedented in nature," Kevin Mandia, COO of FireEye and founder and CEO of Mandiant -- which is conducting the forensic investigation -- wrote in a Dec. 8 letter to Sony. "In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared."

Yet other security experts are challenging that assessment. In an interview with Dark Reading last week, Oren Falkowitz, founder and CEO of Area 1 Security, dismissed the definition of "unprecedented," saying, "Our team has seen these things before."

Ken Levine, president and CEO of Digital Guardian, said in an email:

    We have tremendous respect for Kevin Mandia and the team he's assembled at FireEye's Mandiant, but we completely disagree with the statement he made over the weekend. He is clearly offering Sony the opportunity to hide behind the veil of advanced persistent threats or APTs...

    The truth is, there is nothing new about what these attackers are doing. They are using the same tactics they've used before to get inside these organizations (someone clicks on an attachment with malware and the malware sits and waits) and FireEye and/or other security products could have, should have caught this.

Whether or not the nature of the attack is revealed to be relatively commonplace, one thing may make recovering from it uniquely difficult. The breached data included network maps, credentials, and nearly everything else a person would want to know about SPE's IT infrastructure -- making it impossible for the company to simply recover. It may need to rebuild entirely. Otherwise, it is setting itself up to be compromised all over again.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
12/16/2014 | 7:11:11 PM
Three Things Sony forgot: Baseball, Apple Pie and the Constitution.

I really don't know where to start with the latest from Sony.  Everyday brings more and more desperation.   Now they want to squelch freedom of speech ?  Last time I checked Sony does business in the United States of American not the United States of Sony.

Amazing how everyone else must bear the burdened of their pompous ineffectiveness.

Speaking of freedom of speech, isn't that what got Sony into this mess in the first place ?

COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15596
PUBLISHED: 2020-08-12
The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.
CVE-2020-15868
PUBLISHED: 2020-08-12
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.
CVE-2020-17362
PUBLISHED: 2020-08-12
search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
CVE-2020-17449
PUBLISHED: 2020-08-12
PHP-Fusion 9.03 allows XSS via the error_log file.
CVE-2020-17450
PUBLISHED: 2020-08-12
PHP-Fusion 9.03 allows XSS on the preview page.