The malware software and cybercriminal technique demonstrated against Sony Pictures could be used in additional attacks targeting US companies, according to a recent alert from the U.S. Computer Emergency Readiness Team (US-CERT). Specifically, the malware, which is similar to code used to target South Korean companies, is able to communicate with operators while spreading quickly and conducting brute-force password attacks against systems.
"Due to the highly destructive functionality of this malware, an organization infected could experience operational impacts including loss of intellectual property and disruption of critical systems," the US-CERT warning stated. It's true that next-generation malware, written by increasingly skilled cybercriminal groups, has a wide variety of different purposes. Although stealing and compromising infected PCs remains lucrative, cyberespionage would be better served by disrupting day-to-day operations of necessary systems.
North Korea has been blamed by the US government for the attack against Sony Pictures, a charge it vehemently denies - has dedicated resources to improving its cyberattack capabilities.