TweakTown NewsRefine News by Category:
The Sony Pictures hack has had an immediate impact in the form of several soon-to-be-released movies popping up on torrents, and Sony's employee personal records and passwords have also been leaked. Sony has been placed into a lockdown of sorts, and employees are not being allowed to login to their computers. The long-term effects may be even more devastating, as the FBI is warning that the malware used to execute the Sony attack is on the loose. The FBI's five-page flash warning was issued to major US corporations on Monday. The malware was specifically created to attack Sony, but other hackers often modify existing malware for their own purposes. There is an increasing threat of hackers creating a large number of mutations now that the exceptionally virulent bug is on the loose.
The nefarious bug not only steals data, but it also eventually overwrites all information on the storage device. This is particularly devastating. Once overwritten, the data is almost surely unrecoverable. The malware even overwrites the Windows master boot record (MBR), which makes any hope of salvaging data even harder. The warning from the FBI is targeted at businesses, but as with any malware, it will soon trickle out to the wider world at large. Nation-state developed malware is on the rise as shadowy global cyber-warfare campaigns continue unabated. Nations have many more resources at their disposal to create these electronic arms of mass destruction, but completely ignore the fact that these sophisticated hacks eventually spread to the public.
Iranian hackers continue to develop their cyberattack capabilities, and have breached some of the leading energy infrastructure and transport companies, potentially leading to physical damage, the Cylance cybersecurity firm warned.
As part of the widespread campaign, companies in the United States, China, Israel, Germany, France, India and Saudi Arabia have been hit - with industries ranging from aerospace research companies, universities, energy firms, telecommunications operators and hospitals being compromised.
"We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world's physical safety," the Cylance report claimed.
It may have taken the federal government longer than cybersecurity experts would have liked, but the FBI is increasingly working with private sector companies to identify cyberattacks. Recently, the FBI issued a warning about cyberattackers using malware to breach companies, such as the recent Sony Pictures Entertainment attack.
The FBI has become more proactive in its efforts to warn companies and critical infrastructure of potential cyberattacks. "The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations," said Joshua Campbell, FBI spokesman. "This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals."
These types of "destructive" cyberattacks have been launched against companies in the Middle East and Asia - and it would appear the United States is next on the target list, the FBI warns.
North Korea is not surprisingly denying any potential involvement in the Sony Pictures Entertainment cyberattack last week that brought the company to a grinding halt. The country previously showed displeasure at SPE's movie The Interview, which will be released later this month, featuring a plot by two Americans to assassinate North Korean leader Kim Jong-Un.
"The hostile forces are relating everything to the DPRK. I kindly advise you to just wait and see," a North Korean spokesperson recently said. I do not know anything about this."
Some cybersecurity experts don't believe North Korea has significant infrastructure to launch cyberattacks - but could have called upon China or Russia - to launch the attack on its behalf. Some organized cybercriminal groups are willing to offer their services to the highest bidder, especially if it involves targeting high-profile attacks targeting companies in the United States.
Members of the "Lizard Squad" apparently have successfully targeted Microsoft Xbox Live, making inaccessible to gamers on Monday evening. It would appear a distributed denial of service (DDoS) attack successfully knocked Xbox Live offline, with the group promising additional attacks leading up to Christmas.
There were a number of tweets and Facebook status updates from upset gamers reporting they've had trouble logging onto Xbox Live.
The Lizard Squad previously targeted the Sony PlayStation Network and several game from Electronics Arts in the past.
Former NSA contractor Edward Snowden hopes to see the United Nations create new laws that will be able to better protect privacy and human rights among its citizens. Snowden is the co-winner of the Right Livelihood Award, the "alternative Nobel," and continues to speak out against organized government surveillance that targets regular Internet users.
"I hope despite all we have accomplished in the last year, we all recognize that this is only the beginning," Snowden said.
Snowden also understands how other whistleblowers, journalists, editors and Internet activists have put themselves on the line while speaking out against government surveillance. "These are things that are unlikely to change soon. But they're worth it. All the prices we paid, all the sacrifices we made, I believe we'd do it again. There is so much more to do... and together we will achieve it."
A criminal group has been discovered conducting cyberespionage so they are able to game the stock market, according to cybersecurity company FireEye. Specifically, the group has targeted at least 100 firms, focusing on biotech and healthcare companies, and it's unknown if they made any trades based on the stolen information.
The group had access to US Securities and Exchange Commission (SEC) filings, legal documents, merger activity information, medical research results, and other sensitive information they could utilize before news became public. It would appear only those with access to insider data, such as company executives, were targeted in the sophisticated and coordinated attacks.
It's a difficult time for companies trying to keep data secure from outside threat, as cybercriminals are becoming increasingly savvy in their methods to compromise secure data.
Four different movies from Sony Pictures Entertainment, including Annie, Fury, Mr. Turner and Still Alice, have leaked online via peer-to-peer file sharing networks. The company suffered a major cyberattack last week, which is now being investigated by law enforcement, Sony confirmed. The digital copies are watermarked and were likely caused by the SPE network intrusion, sources have confirmed.
"The theft of Sony Pictures Entertainment content is a criminal matter, and we are working closely with law enforcement to address it," a Sony spokeswoman recently said.
Fury made its appearance on file sharing networks on Nov. 27, and has been downloaded at least 888,000 times. This is the largest leak since July, after the Expendables 3 movie was released online almost one month before release in theaters.
Launching social engineering attacks, typically using phishing tactics, will remain a success for cybercriminals - and companies struggle to teach their employees how to detect and avoid these attacks. Phishing emails often trick employees to turn over usernames and passwords, or install some type of file with malware.
"Phishing relies on human mistakes, not technology, so the number one way to combat this particularly effective form of social engineering is to raise awareness enterprise-wide," said Joe Caruso, CEO and CTO of Global Digital Forensics. "Time is your enemy after a cyber breach or incident, so every second counts. The faster the problem is identified and eradicated, the less costly it will be in the long run for the entire organization."
As more people embrace mobile devices, such as smartphones and tablets, cybercriminals are adjusting their attack strategies. More employees are using their personal devices for work, and criminals have the opportunity to steal personal and corporate information.
Sony Pictures Entertainment has tasked cybersecurity firm Mandiant with helping it clean up after a vicious cyberattack that knocked its computer networks offline last week. The "Guardians of Peace" claimed responsibility for the attack, saying they stole terabytes of data from SPE, with SPE's IT team unable to defend against the attack.
The SPE email system is expected to be restored by end of business tomorrow, while Sony executives remain relatively quiet about the incident.
It is a lucrative time to be in cybersecurity, as companies are turning to private sector companies for additional consultations - as cyberattacks are on the rise, with criminals able to steal internal data, disrupt daily work activities, and compromise customers.