Details emerging on Sony Hack Attack

We've got a bevy of links to consider in the wake of the recent attack against Sony Pictures.


The Sony attack resulted in five films being leaked online, including the updated version of "Annie." In the attack on the studio's corporate systems Nov. 24, an image of a skeleton appeared on company computers with a message that said, "Hacked by #GOP," with the group behind it calling itself "Guardians of Peace."


The FBI is warning businesses about a new hacking threat in the wake of a vast attack on Sony Pictures last week. The five-page, confidential "flash" warning issued to businesses late on Monday provided some technical details about the malicious software that was used in the attack, though it did not name the victim.

The folks over at the Global Cyber Security Center have a far more detailed report than anything we've seen in the news thus far, while the FBI.gov e-Scams and Warnings page provides some holiday shopping tips and in an entry dated 10.28.13 (their website appears to have the incorrect year on several recent posts?) focuses on the CryptoLocker Ransomware that's been making the rounds - many suspect this was used in the Sony attack.

Worthy of consideration:  Sony clearly had a vulnerability or threat vector that could be attacked, and it was prevalent throughout their entire enterprise.  There was clearly an additional mechanism within the attack that allowed it to spread on the inside of the Sony network.  This represents a significant failure of Information Security that with industry best practices could have been avoided.