Light Dark
December 2, 2014 By Shane Schick 2 min read

The first wave of the Sony Pictures hack sounded bad enough, with employees reportedly sent home from work and major systems rendered inaccessible. Now, several online reports suggest the company has been the victim of highly sophisticated malware and a major data theft.

It was reported last week that desktops at the entertainment giant’s offices were covered with an image of a red skeleton and a message from the so-called “Guardians of Peace.” The group said it had stolen data files from the company and was making threats about releasing them unless certain unspecified demands were met.

According to CNBC, the Sony Pictures hack may be getting even worse. Several of the studio’s films, including “Annie” and “Fury,” have been released online without authorization, sparking a wave of online piracy before some of the movies have even hit theaters for the all-important holiday season.

Meanwhile, the FBI has sent out an advisory to businesses about malware that may be linked to the Sony Pictures hack, ZDNet said, although neither authorities nor the company have confirmed it. The FBI document is described as a detailed analysis that suggests the malware can compromise hardware and entire networks with apparent ease.

Sony is by no means taking this attack lying down. According to Reuters, FireEye’s Mandiant unit is conducting a forensic analysis and cleaning up affected systems. Target, which was subject to a major data theft earlier this year, is among Mandiant’s other clients.

When cyberattacks take place, the fallout can include sensitive customer information entering the public domain and financial losses. In this case, there may also be damage to the firm’s corporate reputation. For example, The Daily Mail in the United Kingdom parsed some of the documents that were leaked online to show that its highest-paid executives are almost all white men.

In the long run, however, this could be just the tip of the iceberg. Budget information, passwords and other files are among the 11,000 gigabytes lost in the Sony Pictures hack, Network World said. Even personal IDs, such as passports of A-list celebrities, may be at risk.

For the moment, the company may be focused on simply getting its operations back to normal. The Verge said email systems were still offline in the wake of the attack, while media accounts for some of its films were continuing to be abused over the Thanksgiving weekend, according to the Washington Post.

 |  |  |  |  | 
Shane Schick
Writer & Editor

More from

April 18, 2024

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

April 17, 2024

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

April 16, 2024

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature