TweakTown NewsRefine News by Category:
South Korea hopes the Chinese government will be cooperative in a data breach investigation recently suffered by the Korea Hydro and Nuclear Power Co. just a few days ago. Some of the IP addresses used to compromise the Korean company are linked to a northeastern Chinese city close to the border with North Korea, according to an unnamed South Korean government official.
Despite its geographic location, there still isn't enough evidence to accuse China or North Korea of being directly involved in the cyberattack - although China is suspected of targeting the United States and its allies, while North Korea has been accused of previous cyber breaches suffered by South Korean companies.
"When we have the cooperation of the Chinese, where of course we don't have jurisdiction, we will be asking for checks or maybe a search of the location of the IP address," a South Korean official recently said. "As we're doing this, there is a possibility that the IP addresses in China are not the final source but used in a routing. It's possible (the network) in China was used (remotely) from some other location."
Sony doesn't want a repeat of its data breach suffered by Sony Pictures, and hopes a new Director of Vulnerability Management Engineering will be able to lend a hand. The company is still trying to lick its wounds after foreign cyberattackers brought Sony Pictures to its knees, with corporate emails and movies stolen, along with employee personal information.
Applicants must have a minimum of 10 years information security experience and five years of experience in penetration testing/red teaming. The qualified candidate must have a Master's degree in computer science or another appropriate field, or have equivalent experience.
Sony also posted job listings for junior analysts on the "security operations team," a senior risk management analyst job, senior governance, and a risk and compliance analyst dedicated to security and privacy training.
If companies needed another reminder on the importance of improving cybersecurity, they can learn from the current predicament tormenting Sony Pictures. C-level executives need to be more involved when it comes to being proactive ensuring cybersecurity strategies at their companies are being implemented properly.
It has been a brutal year for data breaches in the United States, with Sony Pictures joining the unfortunate list of Home Depot, Target, JPMorgan Chase, and multiple other companies that suffered high-profile, very public cybersecurity incidents. Trying to prevent these data breaches is much easier said than done, but many companies have either ignored security recommendations - or overlooked potential fallout - related to security.
"I think the scale of this impact on Sony is what's going to make a lot of C-suites sit up and say 'Wow, we really do need to take this seriously,'" said Rob Sloan, cyber data and content head at Dow Jones Risk & Compliance, in a statement published by Fortune. "They can see the damage being done and it's potentially career-threatening for them and business-ending if they don't have the funds to support them through their troubles."
Sony Pictures CEO Michael Lynton has received a letter from Rep. Elijah Cummings, the top Democrat of the US House Oversight and Government Reform Committee, asking the besieged company to turn over information regarding its catastrophic data breach. There has been an increased number of cyberattacks targeting US government infrastructure, and it has been difficult to collectively learn from these incidents.
The US government, which is learning valuable lessons regarding proper cybersecurity efforts, wants to use Sony's "knowledge, information and experience" to determine what types of new cybersecurity laws - and general practice steps - that can be used to help better defend consumer and government data.
"The increasing number and sophistication of cyberattacks on both public and private entities pose a clear and present danger to our national security and highlight the urgent need for greater collaboration to improve data security," Cummins wrote in his letter.
The catastrophic data breach of Sony Pictures helped reveal a major issue that many Americans often ignore: the important need for proper cybersecurity, as companies and government agencies are under attack. Most data breaches occur silently, with companies being breached and often not realizing for many months that data has been stolen.
"From a critical infrastructure and economic perspective, we've seen a lot worse than Sony," said Jeff Bardin, Treadstone 71 cyberintelligence training firm, in a statement to NBC News. "Let's put it in the context of the real issues: attacks on our power grid, our banks, are happening."
It might not matter how it occurs, as long as people become more aware that cybersecurity will remain a significant problem for years to come. Whether it's small hacker groups - or organized state-sponsored cybercriminal groups - they love stealing US data, which often means consumer personal information.
South Korea is under cyberattack from an unknown source, as its Korea Hydro and Nuclear Power Co. has been breached, with "non-critical" data being stolen. The country's nuclear installations and atomic reactors aren't at risk, but cybersecurity experts remain highly concerned the country's nuclear reactors could be at risk from future attacks.
"This demonstrated that, if anyone is intent with malice to infiltrate the system, it would be impossible to say with confidence that such an effort would be blocked completely," said Suh Kune-yull, from the Seoul National University, in a statement to reporters. "And a compromise of nuclear reactors' safety pretty clearly means there is a gaping hole in national security."
As organized cyberattacks from foreign states continue to launch attacks, stealing data from utility providers and other critical infrastructure remains high on the list.
"We found continued activity from Chinese specific actors that have used the Afghan government infrastructure as an attack platform," said Rich Barger, ThreatConnect CIO, in a statement to Reuters.
As the United States and NATO slowly wind down operations in Afghanistan, it looks like China wants to step up and become more active in the volatile country. This isn't the first time Afghan ministry websites have been targeted, with malware found on justice, foreign affairs, commerce, industry and education ministry websites in the past.
North Korea is having Internet problems, as the country - which has limited and restricted Internet access - with problems dating back a few days, though the nation's infrastructure took a severe beating over the past few days.
"Their networks are under duress," said Doug Madory, Dyn Research Internet analysis director, in a published statement. "I haven't seen such a steady beat of routing instability and outages in KP before. Usually there are isolated blips, not continuous connectivity problems. I wouldn't be surprised if they are absorbing some sort of attack presently."
Internet access in North Korea typically is reserved for government and military users, and it's unknown who is behind the attack. Internet outages wouldn't impact normal citizens of the country, but could set a dangerous precedent if the United States is responsible for the attack.
Sony Pictures is working to rebuild itself following a nasty cyberattack and subsequent data breach, courtesy of the Guardians of Peace. As such, the company has chosen cybersecurity firm FireEye's Mandiant to help clean up the mess - and FireEye likely couldn't be any happier with its decision.
Following the news, FireEye's stock value has increased, because of the high-profile nature of the data breach - and the fact that Sony Pictures could have chosen a few other large, high-profile firms. On the first day of news Mandiant was chosen, FireEye's shares increased 4.8 percent up to $32.39, and should continue to receive additional stability.
Here is what The Street Ratings recently offered: "We rate FireEye a SELL. This is driven by some concerns, which we believe should have a greater impact than any strengths, and could make it more difficult for investors to achieve positive results compared to most of the stocks we cover. The company's weaknesses can be seen in multiple areas, such as its feeble growth in its earnings per share and deteriorating net income."
The Anonymous hacker collective has criticized Sony Pictures for bowing down to the Guardians of Peace hacker group - and while Sony weighs its options to release "The Interview" - it appears Anonymous might be willing to do it for the company.
Anonymous released the following message (via Twitter): "You're gonna let Kim Junk Uno and his minions boss you, a multimillion dollar corporation responsible for billions of dollars in revenue? We're not with either side, we just want to watch the movie too... and soon you too will be joining us. Sorry, @sonypictures."
The hacker group also mentioned that it previously breached Sony Pictures' networks, and were surprised the company didn't work to improve its cybersecurity defenses.