Life at Sony Pictures Entertainment Inc. is slowly getting back to normal after becoming the victim of one of the most malicious cyber attacks in history. Sony's employees arrived at the office on November 24, 2014, to find the image of a red skull on all of their computers. The foreboding image came with a warning saying that the company's secrets would soon be revealed.
As part of an investigation into the attack, the company discovered that hackers made off with more than 100 terabytes of confidential files. The attackers also deleted the original copies of these files and wiped Sony's internal data centers. They destroyed 75% of the company's servers and used file-sharing networks to publicly release a huge amount of the stolen information.
The list of released files featured corporate documents, private emails from Sony executives, and details about salaries and bonuses. It also included the usernames and passwords of hundreds of employees, as well as personal information, such as their social security numbers.
In addition, the attackers stole a number of movies that were scheduled for release in theaters during the 2014 holiday season. They posted these films online, hitting the company even harder.
Following the attack, Sony shut down nearly all of its global IT infrastructure. This left the company's employees without any voice mail, corporate email, or production systems.
Sony's problems didn't end with the attack on its systems. The hackers, calling themselves the "Guardians of Peace," threatened to attack theaters if Sony went ahead with its planned Christmas day release of "The Interview," a comedic movie depicting the assassination of North Korean leader Kim Jong Un.
Shaken by the security breach and the threat of attacks against theaters, the company initially decided to cancel the movie's release. A wave of criticism followed the move, and Sony was forced to change its stance. The movie was ultimately screened at a limited number of theaters, and made available online by the company.
The Hackers and Their Suspected Methods
It remains unclear exactly how the attackers managed to break into Sony's networks, though security experts suspect that a specific type of malware was used to steal the data and erase the original copies. It is believed that the attackers first stole the login credentials of a high-level systems administrator working in Sony's IT department. Using this information, they were able to access the company's entire network.
The US government has stated that it believes that North Korea was behind the attack, with the FBI releasing the IP range from which the attack originated, leaving little room for doubt as to the source.
Sony clearly didn't have a disaster recovery plan. After discovering that it had been hacked, the company shut down its entire local system, rendering its landline phones, computers and corporate email system inoperable.
The company's senior executives used a phone tree to relay updates from one person to the next. More than 6,000 employees were forced to use cell phones, Gmail accounts and notepads to remain operational. The payroll department had to use an old machine to manually issue paychecks instead of using its electronic direct deposit system. The company's network remained impaired for weeks.
The attack on Sony exposed its poor cyber security practices. A lack of IT training, strong password protection protocols, and file encryption technology played a role in Sony's faulty operations.
The company's employees used easy-to-guess passwords, such as "password" and "s0ny123." The passwords, along with other important data, were all stored in one place. This made it remarkably easy for the hackers to gain access.
In addition, Sony executives sent plaintext passwords in unencrypted e-mails. The company also failed to encrypt sensitive materials related to some of its employees, such as salaries, revenue numbers, medical information, and strategic plans. Without encryption, this information was relatively simple to steal.
A large part of this IT mismanagement stemmed from a lack of knowledge and preparation. Sony failed to implement company-wide protection measures or develop an adequate computer training program for its employees.
According to the company's former employees, Sony repeatedly ignored warnings about specific vulnerabilities. While the company did carry out risk assessments, it rarely acted on them.
Physical security was another major problem for the company. According to a statement made by one of the alleged hackers, the company did not have the most basic physical security parameters like locked doors, CCTV cameras, or proximity card readers.
It appears that Sony also failed to protect itself against social engineering. Several media reports have suggested that the hackers tricked some executives into revealing passwords. The attackers also allegedly convinced some sympathetic employees to help them.
According to security experts, Sony's haphazard practices are commonplace in the corporate world. Both multinational conglomerates and small businesses are equally vulnerable in this regard. Abandoning these ineffective policies are crucial to securing a company's IT infrastructure.
Basic precautions are vital, especially when it comes to physical security. Even the little things, like failing to lock a door, can have a huge impact on cyber security.
Simple mistakes are prevalent in the digital world as well. These include using obvious passwords, repeating passwords, or sending passwords via email. Using encryption and password managers can help companies eliminate these costly errors.
Hackers are becoming more and more sophisticated in the level of their attacks. In light of these new and dangerous threats, companies must have up-to-date, comprehensive anti-malware and antivirus programs.
Finally, companies should educate their employees about IT. An awareness of these issues, along with the help of outside experts, goes a long way toward preventing attacks.