Lest We Forget the Sony Hack

While the media storm surrounding Sony has subsided and the whodunit game has come to a stand-still, (The FBI is still pointing the finger at North-Korea.) the main consequences regarding the cyber-attack still remain to be addressed. Just this week, Sony declared it will miss the deadline for issuing its 3Q-2014 results due to the attack, and in the background, its employees are already gearing up for a class-action lawsuit.

The Sony hack brought to light some of the past year’s most important trends in the cyber field, including the proliferation and monetization of advanced attack methods, which led to the rise in large-scale devastating attacks; the shift in focus by attackers to being asset-oriented; and the fact that companies and organizations also fall under the paradigm that for every action there is a cyber-reaction.

Free eBook: Modern Retail Security Risk – Get your copy now.

Just as in the case of nuclear weapon proliferation where scientists such as A.Q. Khan transferred nuclear technology and training to Iran and Libya, we now see the same happening with advanced cyber-attack methods. Nation-states, nation-backed attackers, and organized crime syndicates are all at the high end of the capability ladder, with advanced tools being used as part of cyber-espionage campaigns and attacks.

The proliferation and monetization of advanced tools have led attackers to begin using them more frequently. These new actors include financial hackers, independent espionage groups, and basically any attacker with enough money and motivation.

Additionally, it is a known fact that many of the common malware today are actually reused and reversed-engineered code. This helps shed light on situations where similar code is seen in what seems to be otherwise completely different and unrelated attacks. For instance, research recently showed that attackers managed to modify the known Citadel financial malware (variant of Zeus) in order to perform espionage on Middle-Eastern pharmaceutical companies[1].

Another interesting trend is the shift in focus for attackers. While in the past, it was “simple” – financial-hackers targeted banking and finance, hacktivists targeted governments, and nation-states performed espionage on pretty much everybody – today, the tides have turned. As seen in the recent huge-scale attacks on American retailers and food chains, financial hackers began targeting every type of organization that manages financial transactions or holds payment card data. Attackers are very asset-oriented; they are more interested in the asset than the business sector they attack. To prove the point, we’ve recently seen attackers targeting parking lots’ payment systems to copy credit-card information. This, also, is part of the monetization trend.

[1] http://securityintelligence.com/massively-distributed-citadel-malware-targets-middle-eastern-petrochemical-organizations

To read the remainder of this article, please view the original article on Cytegic’s blog here.

About Cytegic

Cy-te-gic /pronounced: sʌɪ-ˈtē-jik/ adjective: A plan of action or strategy designed to achieve a long-term and overall successful Cyber Security Posture Optimization – “That firm made a wise Cytegic decision”.

Cytegic develops a full suite of cyber management and decision-support products that enable to monitor, measure and manage organizational cyber-security resources.

Cytegic helps organization to identify threat trends, assess organizational readiness, and optimize resource allocation to mitigate risk for business assets.