It goes without saying that SONY is in deep trouble. We started seeing problems back in February of 2014 as several Sony related host had shown up on our blacklist of compromised systems. We were not doing the blogging thing back then but we can assure you that they are not being 100% honest about what has happened since they first discovered the breach.
You see Sony did exactly what some of the other entities we are blogging about. NOTHING. They knew they had security problems but they took the road that many of the companies we notify do. They sit back and try to cover up the issue before anybody notices. What's different this time in Sony's case is that the hackers had ample time to farther attack the Sony network. This bought the attackers much needed time to dig in really deep and to start shuffling data off the Sony network.
Here's what we know today:
1. Sony was attack far earlier than reported. We started seeing indicators back in February on our Compromised Host and Brute Force Attackers list.
2. The attack went unreported until the attackers started releasing troves of information.
3. The attackers notified Sony and tried to extort money from executives numerous time, Sony did not cave in to the attackers demands.
4. Information is being sold and the FBI is actively investigating the incident. Security researchers have confirmed that the FBI visited them after they downloaded Sony's proprietary documents.
5. Information is currently being sold on Underground Web Sites.
6. While the media is pointing to North Korea they are basing this information on the fact that some of the malware was written in Korean. This is really an assumption and we have seen this tactic being used to misdirect blame in the past.
7. Iran is releasing torrents with Sony information in them so they should also be given a second look but as of today it is not known who exactly is behind this attack.
No comments:
Post a Comment