In recent years, it has become a known fact that if a country or its government performs actions which may be perceived as ‘provocative,’ it automatically becomes a viable target for hackers and specifically hacktivists.
Cyber-reactions have become the norm when it comes to military operations, campaigns, and even tensions between countries – for example, Israel vs. Hamas, Russia vs. Ukraine, India vs. Pakistan, US vs. Iran, and many other cases. The same goes for internal political or law enforcement actions, such as the Ferguson riots, Sweden taking down the Pirate Bay, Occupy Wall Street, and others.
So far, we haven’t said anything new.
But in the past months, we have seen this trend expanding. While once it was relevant almost entirely for governments and law enforcement agencies, now it is becoming more and more relevant for companies and organizations. Just look at these cases from the past few months:
– Sony – Sony Entertainment was breached by hackers belonging to or in support of the North Korean regime. The hackers managed to penetrate the company’s systems, place destructive malware on almost every computer in the network, and copy just about all of the company’s corporate data. This includes personally identifiable information and healthcare data belonging to employees, financial plans, future projects, and even internal email correspondence. This attack was apparently done as retaliation for the company’s plan to release a movie that was embarrassing to North Korea’s Kim Jong-un. That’s about it. (Did I hear someone saying “the Innocence of Muslims”?)
– Leumi-Card – Israeli-based credit-card operator Leumi-Card had the payment information of millions of its customers compromised when a disgruntled employee managed to copy the data from the company’s internal systems before leaving the country and demanding ransom for it. In this case, the employee (who, it seems, didn’t have the highest of skills, to say the least) was either upset with his career stagnating or with the fact that the company was about to let him go, and decided to steal information as retaliation. This is an important point companies should keep in mind: if you give an employee his notice, you have to take preventive actions to keep him from abusing his privileges to hurt the company.
– Monsanto – Agricultural biotech conglomerate Monsanto was breached, its website defaced and sensitive information regarding hundreds of its employees and thousands of its customers and colleagues compromised by the hacktivist collective Anonymous. The attack was done as retaliation for the company’s lawsuits against organic farmers whose products were labeled as not containing growth hormones. Monsanto is, amongst other things, the world’s largest producer of genetically modified seeds.
– Las Vegas Sands – The Las Vegas Sands Corporation, the largest casino operator in the world, was attacked by hackers who managed to deface its website, leak personal employee and customer information, and, more importantly, destroy thousands of servers and computers using a destructive Wiper malware on the hard disks. The financial and PR damages were astounding. This attack was done as retaliation for remarks made by Sheldon Adelson, the company’s chairman and CEO, against the Iranian regime. Specifically, Adelson stated that the USA should bomb Iran with a nuclear bomb to deter it from continuing its nuclear weapons program. Smart. Both this case and the Sony case are the definition of “don’t poke the bear”.
To read the remainder of this post, please view the original article published on Cytegic’s blog.
About Cytegic
Cytegic develops a full suite of cyber management and decision-support products that enable organizations to monitor, measure and manage their cyber-security resources.
Cytegic helps organizations to identify threat trends, assess organizational readiness, and optimize resource allocation to mitigate risk for business assets.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.