As the cyber attack against Sony Pictures continues to unfold, every company in town is wondering if they are adequately protected from a similar security breach. The answer is: Probably not; no one really is.
“There is no such thing as perfect security,” says Mandiant, the cyber security firm that was brought in to investigate the Sony break-in. “Attackers get smarter and change tactics all the time.” Even companies that have made “responsible and sustained investments in IT continue to be compromised,” Mandiant says on its website, which notes that “100%” of the companies victimized by cyber crime “have up-to-date anti-virus software.”
“Skilled, determined attackers can break, enter and succeed within minutes,” the security firm says. “Other times, they spend days plotting, establishing backdoors and fortifying their positions inside your company. This sophistication and persistence presents challenges for those trying to scope, contain and remediate the threat.”
Attacks can come from almost anywhere, from insiders and disgruntled employees to state-sponsored hackers and organized criminals. Most hackers are involved in theft for profit, including economic espionage, but “hacktivists” such as Anonymous are more interested in making a political statement.
According to Mandiant, this is what a typical economic espionage attack looks like:
· The attacker sends a spear phishing e-mail to gain entry to the target.
· When the victim opens the attachment, custom malware is installed.
· The custom malware beacons to a command and control web site and pulls down additional malware.
· The attacker establishes multiple backdoors to ensure access can be maintained if the other systems are found.
· The attacker now has access to the system and dumps account names and passwords from the domain controller.
· The attacker cracks the passwords and now has access to legitimate user accounts to continue the attack undetected.
· The attacker performs reconnaissance to identify and gather data.
· Data is collected on a staging server.
· Data is extracted from the staging server.
· The attacker covers its tracks by deleting files but can return at any time to conduct additional activity.
Once inside, persistent attackers execute a series of activities to entrench themselves and compromise computer systems.
“If you manage to kick them out,” Mandiant says, “rest assured they will be back.”
In this new age of cyber insecurity, where every company in the country is vulnerable to attack, Hollywood studios may be uniquely positioned, with their deep pockets and strong political ties, to weather the current storm and to band together to battle the ones that are sure to come.