Sony – The “Nuclear” Option

USA Today is reporting a few more details about the Sony hack-attack.  This is very scary, and businesses need to consider whether this could happen to them (the answer is yes) and, if it does, how they would handle it.  This is the kind of attack that would put many businesses out of business.  Businesses need to review what their business continuity and disaster preparedness plan would do in a case like this.

Because of the sheer destruction these hackers have caused, the security community is referring to this as the nuclear option.  Total destruction.  Destroy as much as you can.  Steal whatever you can.  Make the company sweat.

The details:

  • This is different from the Home Depot or Target attacks where the attackers were after credit cards to use or sell.
  • AS FAR AS WE KNOW, the attackers in the Sony case have not asked for a ransom and other than the vague comments about treating people well, they have made no demands.
  • The attackers did not launch a denial of service attack to try to make Sony’s web site unavailable to customers.

These three facts make this very different from most attacks.

What we do know about the Sony hack/attack:

  • The malware was not detectable by normal anti-virus software, according to a statement released by the FBI.  In fact, the FBI issued a FLASH bulletin telling businesses to be alert to some of the symptoms of the attack.
  • Kevin Mandia, CEO of the Mandiant security firm, said that it was “an unparalleled and well planned crime, carried out by an organized group, for which SPE [Sony] nor other companies could have been fully prepared.”
  • The attackers stole a huge amount of data (different reports say hundreds of gigabytes to terabytes).
  • In my opinion, the only way to really know that you have the attackers out of there is to rebuild your entire infrastructure from scratch.  For a company the size of Sony, this is a HUGE undertaking.  Then you have to figure out how to keep the bad guys out.
  • The attackers have been dribbling out (if that is the right word for releasing gigabytes of data every day) embarrassing private data belonging to Sony and other companies (Deloitte).  The result of this leaking will likely be a number of lawsuits that will cost Sony a lot of time and likely, a lot of money.
  • The attackers crippled and erased hard drives of computers at Sony.  Even now, two weeks into this, employees are being told not to open their laptops for fear of the data on them being destroyed.
  • The GOP, the hacker group behind the attack, said “the data to be released next week will excite you more.”  What the bleep are they going to release next?  If they have terabytes of data, this could go on for a while.
  • The attackers are also directly threatening employees and their families.  They said: “make your company behave wisely.”  If they did not, “not only you but your family will be in danger.”  What exactly this means is unclear, but if I were an employee, I would be nervous.

All in all, this is a huge leap from what attackers have traditionally been doing and, unfortunately, this means that companies will have to up their game as well – including, probably, spending more money.  Most companies do not have the financial resources of a Sony, and if they were the victim of an attack like this, they would have to shut the doors.

This saga is far from over.