Hacking, Security & Privacy - Page 35

Sony Pictures is working to rebuild itself following a nasty cyberattack and subsequent data breach, courtesy of the Guardians of Peace. As such, the company has chosen cybersecurity firm FireEye's Mandiant to help clean up the mess - and FireEye likely couldn't be any happier with its decision.

Following the news, FireEye's stock value has increased, because of the high-profile nature of the data breach - and the fact that Sony Pictures could have chosen a few other large, high-profile firms. On the first day of news Mandiant was chosen, FireEye's shares increased 4.8 percent up to $32.39, and should continue to receive additional stability.

Here is what The Street Ratings recently offered: "We rate FireEye a SELL. This is driven by some concerns, which we believe should have a greater impact than any strengths, and could make it more difficult for investors to achieve positive results compared to most of the stocks we cover. The company's weaknesses can be seen in multiple areas, such as its feeble growth in its earnings per share and deteriorating net income."

The Anonymous hacker collective has criticized Sony Pictures for bowing down to the Guardians of Peace hacker group - and while Sony weighs its options to release "The Interview" - it appears Anonymous might be willing to do it for the company.

Anonymous released the following message (via Twitter): "You're gonna let Kim Junk Uno and his minions boss you, a multimillion dollar corporation responsible for billions of dollars in revenue? We're not with either side, we just want to watch the movie too... and soon you too will be joining us. Sorry, @sonypictures."

The hacker group also mentioned that it previously breached Sony Pictures' networks, and were surprised the company didn't work to improve its cybersecurity defenses.

The Chinese government, which has been blamed for organizing cyberattacks against foreign interests, spoke out against the cyberattack that crippled Sony Pictures. However, the country didn't specifically call out North Korea for its likely role in the breach, which stemmed because of the government's disdain for "The Interview."

"(China) opposes any country or individual using other countries' domestic facilities to conduct cyberattacks on third-party nations," according to a statement issued by Wang Yi, the Chinese Foreign Minister, when speaking to US Secretary of State John Kerry.

North Korea and China have a strong political friendship - as one of Kim Jong Un's only foreign allies - and would be an important asset for any future cyberattacks. Pres. Obama's administration is weighing potential options to retaliate against North Korea, though China would likely strongly condemn any future actions.

President Obama has said the United States will respond "proportionately" against North Korea for its role in attacking Sony Pictures, but said the country is not engaged in a cyberwar against North Korea. Instead, the US may reintroduce North Korea to a list of countries accused of sponsoring terrorism, and will look for other methods to retaliate against the reclusive country.

"I don't think it was an act of war," Obama recently said on CNN's State of the Union. I think it was an act of cyber vandalism that was very costly, very expensive. We take it very seriously. We will respond proportionately, as I said. We've got very clear criteria as to what it means for a state to sponsor terrorism. And we don't make those judgments just based on the news of the day. We look systematically at what's been done and based on those facts, we'll make those determinations in the future."

There aren't many things the United States can do to attack North Korea with cyberattacks, as the US has much more to lose in an ongoing battle - and the US is more interested in trying to create generational change to help better the North Korean people, rather than directly fight with the government.

Office retailer Staples recently issued an update to a data breach investigation that took place earlier in the year, targeting its retail point-of-sale (PoS) systems. The company said 115 of its stores nationwide were targeted, with 1.16 million customers affected, providing cybercriminals potential "access to some transaction data at affected stores, including cardholder names, payment card numbers, expiration dates, and card verification codes."

Retailers remain under fire from foreign cybercriminals targeting their PoS systems - and the problem likely won't suddenly go away anytime soon. Despite Staples' data breach much smaller than Target (40 million compromised) and Home Depot (56 million compromised), shows that major problems still exist.

The North Korean government has reportedly orchestrated a major cyberattack to cripple Sony Pictures - and prevent "The Interview" from being shared - but the regular North Korean citizen likely has no idea about the data breach or movie. The North Korean government strictly regulates the Internet and media in the country, so it wouldn't be surprising if the population has no knowledge of the movie, or its contents.

"North Koreans will probably never know what this film was about," noted Leonid Petrov, from the Australian National University, as noted by BusinessWeek. "If there was a film about Kim Jong Un, it would only be explained in the most laudatory, sycophantic way. Foreigners made a film about our great leader, presenting the greatness of the great leader."

As such, trying to even get copies of the movie would be extremely difficult. There have been attempts to send balloons into North Korea with copies of movies, books and other banned materials into the country - but the balloons are routinely shot down. North Korean citizens who stumble across any of the contraband is ordered to turn it over, or they face potential torture, imprisonment, and other forms of punishment.

The United States pointed towards North Korea being behind the massive Sony Pictures data breach, and many have argued for some type of retaliation against the country. However, trying to determine how to seek revenge on the North Korean government, in regards to cyberattacks, remains difficult. Trying a cyberattack in response would be risky, as the US has significantly more to lose if the North Koreans, along with its allies, decide to escalate the issue further.

"Nothing more," said Christopher Budd, online security communications professional, in a post published by GeekWire. "Yes, you read that right: nothing more. I believe that the U.S. should do nothing more in response to this situation than they already have: naming North Kore clearly as being behind this."

It seems more likely the US government will impose further sanctions on North Korea - and perhaps find ways to hurt the country's economy even further. Another idea is to find a way to distribute "The Interview" inside of North Korea, along with distributing "Team America" into the country - but that seems rather far-fetched.

Cyber espionage is a growing underworld business, with small nation states and foreign terror groups continuing to launch cyberattacks against enemies, according to a report released by McAfee Labs. Everything from distributed denial of service (DDoS) attacks to malware being delivered via social engineering techniques are being added to cyber arsenals, used by increasingly sophisticated groups.

Established nations with cyber warfare programs will look for stealthier methods to gather intelligence and cripple political and military rivals - and developing cyber espionage programs remain dedicated to stealing finances and causing disruptions.

"Of particular note, McAfee Labs now sees sophisticated Eastern European cybercriminals shifting from quick, direct attacks on financial-institution customer credentials (leading to financial theft) to a more sophisticated advanced persistent threat (APT) approach in which they collect intelligence that they can either sell or use at a later date," according to the McAfee report.

The decision by Sony Pictures Entertainment to pull "The Interview" due to a cyberattack and subsequent terror attacks has drawn criticism from actors and President Obama.

"Sony is a corporation. It suffered significant damage," Obama said during a press conference. "There were threats against its employees. I'm sympathetic to the concerns that they faced. Having said all that, yes I think they made a mistake. We cannot have a society in which some dictator in some place can start imposing censorship in the United States. I wish they'd spoken to me first. I would have told them: 'Do not get into the pattern in which you are intimidated.'"

However, Sony is defending itself from Pres. Obama's statement and criticism from actors, many American citizens, and others criticizing the company.

Cybercriminals with alleged ties to ISIS recently tried to spread malware onto a Syrian citizen media group after posing as Syrian-Canadian citizens, according to a report from Citizen Lab. The social engineering attack took place in late November, and shows the group is continually putting more effort into its cybercriminal abilities. The attempted malware attack was targeted to the Raqqah is Being Slaughtered Silently (RSS) group, and the email was worded in a manner to trick organization members.

"This bears little resemblance to anything we've seen from the usual suspects," said John Scott-Railton, the report's co-author, noted in a statement given to CBC. "That, combined with who they are targeting... gives us pause and makes us think that maybe we're looking at ISIS malware."

ISIS has used the Internet, specifically social media, as a tool to recruit and spread propaganda. However, the group has run into problems, as the Anonymous hacker collective and other groups have disrupted their online operations.

A reported 51 percent of companies suffered some type of malware breach during the past 18 months, with phishing emails and social engineering attacks able to circumvent security filters, according to a survey published by the OPSWAT IT solutions provider.

It's a frightening time for companies trying to keep their networks secure, especially as social engineering techniques - which rely on tricking employees to click fraudulent links or install the malware directly - prove difficult to defend against.

"With the sheer number of new viruses introduced every day, it is not surprising that 51% of the respondents experienced a malware breach, particularly since 39% only utilized one anti-malware solution," said Tony Berning, OPSWAT Metascan product manager. "By using only one or two anti-virus engines, companies are exposing themselves to malware threats, since no anti-virus engine can be accurate 100% of the time."

Sony Pictures is facing a public relations nightmare after a major data breach orchestrated by North Korea, and company executives just can't stop the bleeding. The data breach could become the costliest suffered by a U.S. company, with fallout that will surely continue into 2015. Beyond the sensitive documents and personal information stolen, along with the cancellation of "The Interview," there is a strong possibility some actors will avoid Sony in the future.

It remains unclear how much Sony will lose because of the cyberattack, but lawsuits, lost revenue because of "The Interview" being pulled, and other problems will only complicate matters even further.

"This attack went to the heart and core of Sony's business and succeeded," said Avivah Litan, Gartner cybersecurity analyst. "We haven't seen any attack like this in the annals of U.S. breach history."

North Korea could be using the cyberattack against Sony Pictures as a test run to try out its budding cyber capabilities, with the reclusive government potentially taking aim at US energy companies and critical infrastructure. Despite much of the Western world ignoring its growing cyber ambitions, it looks like North Korea has been able to increase its cyber weapons.

"North Korea's ultimate goal in cyber strategy is to be able to attack national infrastructure of South Korea and the United States," said Kim Heung-kwang, a North Korean defector and former computer science professor. "The hacking of Sony Pictures is similar to previous attacks that were blamed on North Korea and is a result of training and efforts made with the goal of destroying infrastructure."

The North Korean government has poured resources into its Bureau 121 cyber warfare unit, recruiting some of the nation's best computer experts - with most of the department's agents originating from the North Korean military computer school. It has successfully attacked targets in South Korea on several occasions, as some networks remain vulnerable to attack.

Signal System 7 (SS7) powers multiple phone carriers across the world including big names such as AT&T and Verizon - its global telecom network is used to route calls and text and in recent news, this technology has been reported to have some huge security issues associated inside. These issues come in the form of security holes that let hackers listen in to your calls and texts.

ACLU's Cheif Technologist has informed Gizmodo that this flaw is so serious that people should consider no longer using their mobile phone for calls until the problems are fixed.

SS7's outdated infrastructure is said to be the cause of this issue, with German research discovering this invasion of privacy, said to be publishing their full findings later this month at a conference in Hamburg (as according to the Washington Post).

ICANN employees have fallen victim to a suspected spear phishing cyberattack that began in late November 2014, the group confirmed in a blog post. The social engineering attack mimicked emails that closely resembled communications from its own domain and targeted ICANN employees. Unfortunately, the attack was successful and several ICANN staff members had their credentials compromised.

The compromised credentials were used to access ICANN's Centralized Zone Data System, providing criminals with access to names, postal addresses, email addresses, fax and phone numbers, usernames and passwords. The breach also hits the ICANN GAC Wiki, with only public information accessible to the cybercriminals.

Earlier in the year, ICANN boosted its cybersecurity, which the group said likely helped keep unauthorized access to a minimum from this attack.

Chinese mobile manufacturer Coolpad is building backdoors into high-end Google Android-powered smartphones, according to Palo Alto Networks' Unit 42. The "CoolReaper" backdoor has been found on a variety of ROMs that were downloaded by security researchers. Coolpad is the No. 6 largest smartphone manufacture in the world, No. 3 inside of China, so this is an extremely troubling development.

CoolReaper is able to download, install, or activate Android applications without needing owner consent or notification. It can also clear user data, uninstall applications, and disable system applications. Researchers also found that it can dial arbitrary phone numbers and send SMS or MMS messages from the phone.

"CoolReaper is the first malware we have seen that was built and operated by an Android manufacturer," according to the Palo Alto Networks' Unit 42 blog. "The changes Coolpad made to the Android OS to hide the backdoor from users and anti-virus programs are unique and should make people think twice about the integrity of their mobile devices."

The hacker group reportedly behind a major cyberattack against Sony Pictures Entertainment is getting what they want - as Sony tells theaters they don't need to show "The Interview" due to terror threats. The movie is scheduled for release on Christmas, Dec. 25, and it would appear some theaters have already said they won't show the controversial film.

Movie theaters that decide to still show the film plan to use additional security - even if there has been no credible evidence a plot is in place - with AMC, Cinemark, Regal and Carmike all suffering a drop in stock values because of the threat.

"Somebody is playing mind games with [Sony]," said Richard Clarke, cybersecurity expert and former White House counter-terrorism lead, in a statement published by Good Morning America. "I think North Korea has little or no capability to do any physical attacks, commando activity, or terrorism in the U.S. By saying it's coming, however, they hope to keep people from the theaters and, thereby, hurt Sony's revenue."

The ongoing drama for Sony Pictures Entertainment took a dark turn on Tuesday, with the hacker group responsible issuing a terrorist threat when 'The Interview' hits theaters. It would seem the threat is working, as some movie theater operators are considering pulling the movie.

"We will clearly show it to you at the very time and places 'The Interview' [will] be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to," the hackers said in a statement. "Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear. Remember the 11th of September 2001."

The group also recommended people stay away from theaters after the movie is released.

Cybercriminals are compromising US consumers and business workers on a large scale, able to steal personal information and payment details in bulk. Home Depot was compromised and 56 million payment card numbers and 53 million email addresses were taken in a single breach alone, along with Target, Neiman Marcus, and a number of retailers also falling victim.

However, trying to make use of stolen information forces cybercriminals to act quickly - if 10,000 cards are compromised, only around 100 could cash out, with an estimated 10 cars actually working, according to Alex Holden, from Hold Security.

"Cybercriminals don't have enough resources to monetize stolen data in big volumes," said Andrew Komarov, IntelCrawler CEO, in a statement to PCWorld. "It really has a small margin, and it is pretty complicated to resell it in big amounts."

Sony Pictures Entertainment employees heard from company CEO Michael Lynton and co-chair Amy Pascal during an open town hall meeting on Monday. The company is still painfully suffering after a major data breach led to emails stolen, employee personal information leaked, and other disruptions to its business.

"This will not take us down," Lynton said during the town hall meeting in front of employees. "You should not be worried about the future of this studio."

Lynton apologized that employee personal information and medical records were stolen - and then posted online - by the cybercriminals. During the two sessions held on Monday, there were no question and answer segments for employees to ask questions to Lynton or Pascal.