
By Sarah Morgan
Sony Pictures was crippled this week when cybercriminals forced the shutdown of their internal systems.
Imagine getting into work on Monday morning, booting-up your
PC and being greeted with this:
It feels like something out of a cheesy 90’s spy-thriller
but this is the reality that Sony Pictures employees had to deal with on
Monday…and are still dealing with 4 days later.
Yes, Sony’s internal network had become the next victim of
cybercrime in this recent
spate of hacking. It’s a clear message for organisations: invest in your cybersecurity
or this could happen to you.
Warning messages threatening to release data ‘secrets’, if
undisclosed demands were not met, appeared on all internal computers,
preventing login. The message also displayed ‘#GOP’ – pointing to a group named
Guardians of Peace.
As of Thursday morning, the network remains down on many
Sony offices and according to information reportedly shared by employees, it
could be down for weeks.
Hackers also targeted Twitter accounts associated with Sony
Pictures, leaving the same message and calling out Sony Pictures CEO:
“You, the criminals
including Michael Lynton will surely go to hell. Nobody can help you.”
If that wasn’t enough, the digital image also showed Michael
Lynton’s head, edited into some form of Night Of The Living Dead landscape. These
hackers clearly want to capitalise on the fear they can strike into the world’s
biggest businesses.
One reddit
user, posted a copy of a message allegedly displayed on the hacked network.
The redditor explained, “I used to work for Sony Pictures. My friend still
works there and sent me this. It's on every computer all over Sony Pictures
nationwide.”
The post explained how the public could gain access to the 217.6mb
.ZIP file, allegedly containing lists pulled from the organisations internal
network.: “These two files are the lists of secret data we have acquired from
SPE,” and that “Anyone who needs the data, send an email titled To the
Guardians of Peace to the following email addresses.” A list of e-mail
addresses attached to anonymous email services like Yopmail and Disgard.email
followed.
Reddit users jumped at the opportunity to scour the
allegedly leaked filed. A thread on the breach claims that the .ZIP file
contains passwords of Sony employees, copies of passports of actors associated
with Sony films and masses of Outlook archival data.
In the typical damage-mitigating style of big companies
experiencing big problems, Sony issued a statement saying the firm is
investigating the ‘IT matter.’
Well that’s a relief.
Hack me once, shame
on you
Sony is no stranger to being hacked. The infamous
PlayStation Network hack of 2011, in which 77 million personal details were
stolen, resulted in complete outage of the service for 24 days.
At the time it was one of the largest data breaches in
history and remains a black mark on the Japanese company’s reputation.
As recently as August 2014 we watched as another major
attack, once again, befell the PlayStation network. The service was forced
offline once more, though this time for a single day.
Could your business
survive a hacking attack?
Clearly, Sony has failed to invest sufficiently in their
cybersecurity and organisations must learn from their costly mistakes.
Organisations need to begin investing in professionals with
the skills necessary to prevent intrusions like Sony’s from ever happening.
Qualifications like EC-Council’s Certified Ethical Hacker
(CEH) are valuable to keep organisations secure. By employing or training
professionals and helping them to achieve certifications like the CEH,
businesses can proactively defend and prevent these crippling attacks.
Ethical hackers can conduct staged penetration tests against
your business – will your defences hold up against a real hacker? Either way,
you’ll get real insight into how you can improve your security and protect your
organisations valuable data. After all, the techniques that Ethical hackers use
are identical to those employed by cybercriminals.
The need for certified ethical hackers is real
and with every data breach this point is hammered home.
20% of small and medium sized businesses have been targeted
by cybercriminals in the past year, costing the global economy $500 billion annually.
And it’s getting worse: reports already predict an increase
in cybercrime next year.
In fact, with more advanced hacking tools, we can expect
more targeted attacks on businesses small and large.
Sony’s latest breach is a strong message to businesses: invest
in cybersecurity or face the consequences.
About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.