Sony Pictures Entertainment was recently hacked by a group that calls itself #GOP, which stands for Guardians of Peace.
A message delivered to Sony read, "We've obtained all your internal data including your secrets," according to The Hollywood Reporter. Following that, the group made demands with which it said Sony had to comply or it would release the data it had infiltrated.
Employees were forced to work from home, according to The Reporter, due to Internet access being unavailable at Sony offices, and The Next Web reported that a single Sony server was compromised by the hackers.
All responses from Sony have been relatively quiet, with a spokesperson telling The Hollywood Reporter that "Sony Pictures Entertainment experienced a system disruption, which we are working diligently to resolve." It has been speculated that Sony shut down its entire network in response to the cyberattack to prevent any more data from being compromised, but only reddit users claimed that to be the case, according to Next Web.
History of hacks at Sony
This break-in has led to criticism of Sony's approach to IT security and email encryption. Anything that isn't protected in a company's server or mainframes is a target for hackers.
"Hackers are always on the hunt for holes in a network, which can happen when a system isn't updated properly or a feature change is made," Hamanshu Nigam, an Internet security expert, told The Hollywood Reporter. "It is critical for companies to conduct self-hacking exercises on a continuous basis to find and patch these vulnerabilities before the hackers find them."
Sony was supposedly also a target of another breach in November, this time affecting its PlayStation Network. Members of a hacking group called DerpTrolling, claimed that they were able to access emails and passwords of gamers. Sony denied the breach occurred, but still suffered from a cyberattack in August on that same network, according to Info Security.
The source added that in 2011, Sony additionally experienced the largest information breach at that time when the personal information of 70 million users was compromised. TechNewsWorld also mentioned that media reports have said the leak could have been replicated or faked.
The aftermath of the attack
The most recent hack may have restricted employees' computer access, but Nigam applauded the response to the attack.
"Sony deserves praise for going offline while they figure out what is happening rather than allow further damage," Nigam told The Hollywood Reporter.
However, others have criticized Sony's lack of security in the IT department.
"This was a perfect example of sloppy IT security and a CISO that did not implement proper privileged identity management, or a disaster recovery backup plan for continuity of business," Phillip Lieberman, president of Lieberman Software, said to TechNewsWorld. "They will be looking for a new CIO and CISO, as this team was unable to even do the basics of their job - ensure security and business continuity."
In response to the hacking by #GOP, Sony has involved the FBI, according to the source. The FBI discovered that a form of malware that makes computers and files inaccessible may be connected to #GOP. FBI warned U.S. businesses that the malware could affect them if they did not have the right IT security in place.
"[This incident] may be setting a precedent for many hackers - and victims - in the future," Jonathan Sander, strategy and research officer for Stealthbits Technologies, told TechNewsWorld. "If this can be done to [Sony], what about the multitude of smaller shops that have valuable data and enough money to be interesting for ransom?"
Nigam also told The Hollywood Reporter that the latest hack may have been a diversion so #GOP could buy time to break into Sony's corporate system. Hacking groups are known to use complex tactics to achieve their ends, which means it is possible that the hack was just a distraction.
Following the attack, several movies were leaked early, all produced by Sony: "Annie," "Still Alive," "Mr. Turner" and "To Write Love on Her Arms." It was insinuated in TechNewsWorld that this was not a coincidence, but connected to the Sony breach. Someone who claimed to be "the boss of #GOP" also emailed journalists the same day the films were released with links to Sony's stolen data.
Finding a solution for these attacks seems difficult in light of how intelligent hackers have become. None of the sources had solutions to Sony's ongoing problem. What's even more frightening is Nigam's earlier point - if an entertainment giant like Sony Pictures Entertainment wasn't prepared for an attack like this, how many other businesses are secured for a cyberattack?
Companies can prepare for any email security breach by utilizing email encryption and secure email providers. Sony's security is in for a big change now the holes that allowed this breach have been exposed, while smaller companies can prepare for cyberattacks by using a third party to put secure email services in place.