Computer-killing malware used in Sony attack a wake-up call

Computer-killing malware linked to the recent attack on Sony Pictures Entertainment should be a wake-up call to businesses, say security experts

Computer-killing malware linked to the recent attack on Sony Pictures Entertainment should be a wake-up call to businesses, say security experts.

The FBI has issued a warning, first reported by Reuters, that is believed to describe the malware used against Sony in a crippling attack which also included the theft of unreleased films and other data.

The firm was forced to shut down its entire computer network on 25 November 2014 after a cyber attack by a group of hackers identifying themselves only as #GOP or Guardians of Peace.

According to the FBI, the malware overrides all data on the hard drives of computers, including the master boot record, preventing them from booting up.

"The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods," the report said.

While this type of attack has been seen before, such as the attack on Saudi Aramco in August 2012 that downed around 30,000 computers, this malware marks a shift in attacks on US-based firms.

Chief technology officer at security firm RedSeal Mike Lloyd said security professionals are well aware this kind of attack is not particularly difficult and the infrastructure at many organisations is very fragile.

“The main reason most cyber thieves do not destroy assets is because they cannot make money by doing so – however, there are evidently other adversaries who do see benefit in this kind of vandalism.

“The Sony attack is a wake-up call for businesses – it explains why the FBI is warning organisations to review their defensive readiness,” he said.

Organisations must review cyber security

According to Redseal chief evangelist Steve Hultquist, the FBI warning underscores the reality that formal security architecture and defences have taken a backseat to other investments.

“As a result, organisations are vulnerable to attacks designed to destroy, steal, or observe and have very limited visibility into how, when and for what purpose they occur,” he said.

Hultquist added that organisations need to develop a stronger co-ordinated response to a likely attack, including stronger authentication than username and password, distributing data so that it is harder to gather complete context, dividing the network into strict security zones and using automation to model the network to ensure effective placement of defences and access controls.

The FBI warning shows that the ability to detect and respond to attacks that are highly sophisticated and damaging is more important than ever, said head of product management at security firm Tier-3 Huntsman Piers Wilson.

“If an attack does take place, particularly if the impact is going to be harmful, then detecting the activity and being able to understand and contain the threat before data is destroyed or leaked in large quantities, as in these recent cases, is vital,” he said.

While little is known about the group calling itself #GOP, Sony Pictures is reportedly investigating whether the recent hack is linked to North Korea.

The company believes the attack may be linked to the film The Interview, which concerns a plot to assassinate North Korean leader Kim Jong Un, according to Re/code.

The film, set to be released on 25 December 2014, stars Seth Rogen and James Franco as journalists who plan to interview the North Korean leader and are recruited by the CIA to kill him.

Read more on Hackers and cybercrime prevention