By Sarah Morgan
Sony Pictures was crippled this week when cybercriminals forced the shutdown of their internal systems.
Imagine getting into work on Monday morning, booting-up your PC and being greeted with this:
It feels like something out of a cheesy 90’s spy-thriller but this is the reality that Sony Pictures employees had to deal with on Monday…and are still dealing with 4 days later.
Yes, Sony’s internal network had become the next victim of cybercrime in this recent spate of hacking. It’s a clear message for organisations: invest in your cybersecurity or this could happen to you.
Warning messages threatening to release data ‘secrets’, if undisclosed demands were not met, appeared on all internal computers, preventing login. The message also displayed ‘#GOP’ – pointing to a group named Guardians of Peace.
As of Thursday morning, the network remains down on many Sony offices and according to information reportedly shared by employees, it could be down for weeks.
Hackers also targeted Twitter accounts associated with Sony Pictures, leaving the same message and calling out Sony Pictures CEO:
“You, the criminals including Michael Lynton will surely go to hell. Nobody can help you.”
If that wasn’t enough, the digital image also showed Michael Lynton’s head, edited into some form of Night Of The Living Dead landscape. These hackers clearly want to capitalise on the fear they can strike into the world’s biggest businesses.
One reddit user, posted a copy of a message allegedly displayed on the hacked network. The redditor explained, “I used to work for Sony Pictures. My friend still works there and sent me this. It's on every computer all over Sony Pictures nationwide.”
The post explained how the public could gain access to the 217.6mb .ZIP file, allegedly containing lists pulled from the organisations internal network.: “These two files are the lists of secret data we have acquired from SPE,” and that “Anyone who needs the data, send an email titled To the Guardians of Peace to the following email addresses.” A list of e-mail addresses attached to anonymous email services like Yopmail and Disgard.email followed.
Reddit users jumped at the opportunity to scour the allegedly leaked filed. A thread on the breach claims that the .ZIP file contains passwords of Sony employees, copies of passports of actors associated with Sony films and masses of Outlook archival data.
How Sony responded
In the typical damage-mitigating style of big companies experiencing big problems, Sony issued a statement saying the firm is investigating the ‘IT matter.’
Well that’s a relief.
Hack me once, shame on you
Sony is no stranger to being hacked. The infamous PlayStation Network hack of 2011, in which 77 million personal details were stolen, resulted in complete outage of the service for 24 days.
At the time it was one of the largest data breaches in history and remains a black mark on the Japanese company’s reputation.
As recently as August 2014 we watched as another major attack, once again, befell the PlayStation network. The service was forced offline once more, though this time for a single day.
Could your business survive a hacking attack?
Clearly, Sony has failed to invest sufficiently in their cybersecurity and organisations must learn from their costly mistakes.
Organisations need to begin investing in professionals with the skills necessary to prevent intrusions like Sony’s from ever happening.
Qualifications like EC-Council’s Certified Ethical Hacker (CEH) are valuable to keep organisations secure. By employing or training professionals and helping them to achieve certifications like the CEH, businesses can proactively defend and prevent these crippling attacks.
Ethical hackers can conduct staged penetration tests against your business – will your defences hold up against a real hacker? Either way, you’ll get real insight into how you can improve your security and protect your organisations valuable data. After all, the techniques that Ethical hackers use are identical to those employed by cybercriminals.
The need for certified ethical hackers is real and with every data breach this point is hammered home.
20% of small and medium sized businesses have been targeted by cybercriminals in the past year, costing the global economy $500 billion annually. And it’s getting worse: reports already predict an increase in cybercrime next year.
In fact, with more advanced hacking tools, we can expect more targeted attacks on businesses small and large.
Sony’s latest breach is a strong message to businesses: invest in cybersecurity or face the consequences.
About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.