Light Dark
December 2, 2014 By Shane Schick 2 min read

The first wave of the Sony Pictures hack sounded bad enough, with employees reportedly sent home from work and major systems rendered inaccessible. Now, several online reports suggest the company has been the victim of highly sophisticated malware and a major data theft.

It was reported last week that desktops at the entertainment giant’s offices were covered with an image of a red skeleton and a message from the so-called “Guardians of Peace.” The group said it had stolen data files from the company and was making threats about releasing them unless certain unspecified demands were met.

According to CNBC, the Sony Pictures hack may be getting even worse. Several of the studio’s films, including “Annie” and “Fury,” have been released online without authorization, sparking a wave of online piracy before some of the movies have even hit theaters for the all-important holiday season.

Meanwhile, the FBI has sent out an advisory to businesses about malware that may be linked to the Sony Pictures hack, ZDNet said, although neither authorities nor the company have confirmed it. The FBI document is described as a detailed analysis that suggests the malware can compromise hardware and entire networks with apparent ease.

Sony is by no means taking this attack lying down. According to Reuters, FireEye’s Mandiant unit is conducting a forensic analysis and cleaning up affected systems. Target, which was subject to a major data theft earlier this year, is among Mandiant’s other clients.

When cyberattacks take place, the fallout can include sensitive customer information entering the public domain and financial losses. In this case, there may also be damage to the firm’s corporate reputation. For example, The Daily Mail in the United Kingdom parsed some of the documents that were leaked online to show that its highest-paid executives are almost all white men.

In the long run, however, this could be just the tip of the iceberg. Budget information, passwords and other files are among the 11,000 gigabytes lost in the Sony Pictures hack, Network World said. Even personal IDs, such as passports of A-list celebrities, may be at risk.

For the moment, the company may be focused on simply getting its operations back to normal. The Verge said email systems were still offline in the wake of the attack, while media accounts for some of its films were continuing to be abused over the Thanksgiving weekend, according to the Washington Post.

 |  |  |  |  | 
Shane Schick
Writer & Editor

More from

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

December 16, 2024

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature