Sony hires FireEye Inc. Mandiant forensics unit to clean up massive cyber attack, FBI claims North Korea source of attack, The Interview comedy about CIA attempt to assassinate Kim Jong Un


From Reuters.

The FBI claims to have evidence that the cyber attack upon Sony computer systems came from North Korean sources.

“Sony hires Mandiant to help clean up after cyber attack”

“Pictures Entertainment has hired FireEye Inc’s Mandiant forensics unit to clean up a massive cyber attack that knocked out the studio’s computer network nearly a week ago, three people with knowledge of the matter said on Sunday.

Computer systems at the Sony Corp unit went down last Monday after displaying a red skull and the phrase “Hacked By #GOP,” which reportedly stands for Guardians of Peace, the Los Angeles Times reported.

Technicians are making headway in repairing damage caused by the attack and expect to have the email systems back online Monday, said one of the people, who were not authorized to publicly discuss efforts to deal with the attack.”

“Mandiant is an incident response firm that helps victims of breaches identify the extent of attacks, clean up networks and restore systems.

The technology news website Re/code reported on Friday that Sony was investigating to determine whether hackers working on behalf of North Korea might be responsible for the attack, possibly in retribution for the studio’s backing of the film “The Interview,” which is to be released on Dec. 25 in the United States and Canada.

The movie is a comedy about a CIA attempt to assassinate North Korean leader Kim Jong Un.”

Read more:

http://www.reuters.com/article/2014/11/30/sony-cybersecurity-mandiant-idUSL2N0TK0R920141130

From FireEye:

“Security Predictions

There’s no crystal ball, but based on what we saw in 2014, we can predict trends we’re likely to see in the coming year. Here are a few technical and business insights from our experts to help security professionals prepare for 2015. 

1) The rate of “cataclysmic events” such as Heartbleed and Shellshock will likely increase in 2015. It won’t be just one thing, but a combination of unrelated events that have the capability to destabilize “the internet of things.” Organizations need to get better at dealing with these storms. We believe that 2015 will bring more of these far-reaching attacks that are tough to patch and cause widespread damage. Our advice: Put processes in place to discover vulnerabilities and react immediately with patches as needed.

2) Linux POS malware increases. We’ve seen plenty of Windows-based Point-of-Sale (POS) malware. Watch for Linux-based POS to become a new playground for attackers. Linux-based POS systems are in use all over the world, some are even free, open source or far less expensive than their Windows-based counterparts. Operators likely have minimal experience and in-house expertise to address threats and maintain updated configurations. Our advice: Understand the attack surface of your Linux hosts, the attack vectors they are exposed to, and initiate robust operational processes to manage, monitor and maintain their security.

3) No more AV for me. IT security organizations will stop paying third-party vendors and consider Microsoft-provided AV as “good enough.” Instead, they’ll spend more on other endpoint solutions to address advanced detection, response and forensics. Our advice: Evaluate your security investments, considering both how your organization has changed and how the threat landscape has matured. Focus your investments on threat detection and protection.

4) Supply chain attacks will increase. Attackers will leverage less-mature companies that are the weak entry point into the more-mature enterprises – making the supply ecosystem an increasingly key part of cyber strategies. Our advice: Build security requirements into your MSAs with suppliers to improve their security, and require them to demonstrate that your supply chain is operationalizing their security. Look for measurements of security effectiveness such as a time to detect a new threat, and time to remove the threat.”

https://www.fireeye.com/blog/executive-perspective/2014/12/security_predictions.html