Is the recent Sony attack unprecedented? I guess it all depends on who you listen to.
Network World, for instance, quoted Kevin Mandia, COO of FireEye and formerly CEO of Mandiant:
This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat.
The malware involved in the Sony hack is getting a lot of attention, as the FBI has sent out warnings about it. The malware has been identified as a variant of Destover malware, and while it has not been seen used against a U.S. company before, similar malware has been used in cyberattacks in other countries in the past, primarily in the Middle East and South Korea. The malware was able to steal digital certificates that gave hackers access into the network.
So, while this particular strain of malware might be new here and the FBI is right to warn companies about the risks, not everyone is ready to jump on the “unprecedented” bandwagon. For example, as Bromium’s Clinton Karr told eSecurity Planet:
These attacks are troublesome, but not surprising. Earlier this year we witnessed Code Spaces shutdown after a successful attack destroyed its cloud backups. Likewise, the evolution of crypto-ransomware suggests attackers are targeting the enterprise with destructive attacks. These attacks are unlike the ‘cat burglary’ of Trojan attacks, but much more brute force like a smash-and-grab or straight vandalism.
And as Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi, told me in an email, too many companies aren’t doing enough to prevent attacks like the one against Sony:
Time and again, we’re seeing breached organizations like Sony leave open doors for attackers by failing to protect the trust provided by digital certificates and cryptographic keys. Bad actors have learned that the easiest, fastest and most effective way to inject malware that resides undetected on corporate networks is by signing the malware with compromised or stolen digital certificates. Attackers know that most organizations cannot detect or respond to anomalous certificates that authenticate systems and users on their networks, devices and applications, so they exploit them, just as they did in the Sony hack.
Bocek added that if companies don’t get a better handle on the deployment of digital certificates and keys, we are likely going to see a rise in this type of malware attack. After all, cybercriminals will continue to do what works. If companies are leaving themselves wide open for this new and “unprecedented” attack, you can be sure we’re going to see it over and over again.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba