cybercrime

Cyberattack Inflicts Massive Damage on German Steel Factory

  A report released this week from Germany’s Federal Office for Information Security said that a German steel manufacturing plant was severely damaged by a cyber-physical attack this year. The incident was mentioned in an annual report by the Bundesamt für Sicherheit in der Informationstechnik (or BSI), which provided a summary of cyber security issues and incidents affecting Germany. According to the report, a German steel manufacturing facility was the victim of a “targeted attack” that the report labeled an “APT” or “advanced persistent threat” style attack.  [Read more Security Ledger coverage of APT-style attacks.] The attackers used a sophisticated spear-phishing e-mail and social engineering to get access to the office network at the steelworks, the report claims. “From there, they worked successively to production networks.” The malicious code disrupted the function of control system components that led to a blast furnace not being able to be turned off in a regulated fashion. “The result (was) massive damage […]

Continue Reading

Cyber Resilience? Sony Employees Back To Faxes and Face to Face

There’s a fascinating article on TechCrunch that cites a current (anonymous) Sony Pictures Entertainment employee talking about life at the company in the wake of a crippling November 24th cyber attack that wiped out thousands of computer systems and stole terabytes of data from the company. According to the story, Sony employees have resorted to using circa 1990s fax machines to transmit documents and – horror – having face to face communications in lieu of texting, e-mail or social networking, all of which are disabled within Sony’s environment. [Read more Security Ledger coverage of the Sony Pictures hack here.] “We had barely working email and no voicemail so people talked to each other,” the source tells TechCrunch. “Some people had to send faxes. They were dragging old printers out of storage to cut checks…It was crazy.” “That is what a major corporate security breach sounds like,” TechCrunch writes. “The squeal […]

Continue Reading

The Moral of Sony: Ignoring Cyber Risk Can Be Fatal

  Mark Anderson over at IEEE Spectrum has a nice article today on “How Not To Be Sony Pictures.” His argument: corporations can no longer afford to be cavalier about cyber security. Accordingly: they need to do much more than simply spot threats. “Any organization that thinks cybersecurity is as simple as installing and regularly updating their anti-virus software risks similar nightmare scenarios as what Sony Pictures now stares down.”  – Mark Anderson, IEEE Spectrum. Anderson notes this blog post, by Fengmin Gong, the chief strategy officer and co-founder of Cyphort Security. Gong argues that the sheer scale and complexity of connected devices requires a new attitude towards protecting critical data and assets. “The new approach today that people have shifts away from prevention — which everyone knows is not achievable — to a focus on attack sequence and consequence,” Gong writes. What does that mean? Gong and Anderson are […]

Continue Reading

Clues Point to Long-Duration Hack at Sony

With each passing day, evidence mounts that the attack on Sony Pictures Entertainment was a long-duration hacking event that gave malicious actors extensive access to the company’s network and data. The hack started out looking like a particularly nasty example of hacktivism – with thousands of SPE systems wiped of all data. Going on two weeks after revelations of the hack, however, the incident appears to be something much more dire: a massive breach of corporate security that gave malicious attackers access to gigabytes – and possibly terabytes- of sensitive data. With only a fraction of the allegedly stolen data trove released, the ripple effects of the incident are already washing up against other Sony divisions and firms with direct or indirect ties to the company. The latest developments in the saga include publication of some 40 gigabytes of internal files. As described by buzzfeed.com, the files include: “email exchanges with employees regarding specific […]

Continue Reading

Report: Sony Fits Pattern of other Destructive Hacks

At a time when companies are warned to be on the lookout for “low and slow” attackers who studiously avoid notice, the Sony breach will be remembered for its unusual ferocity. On Nov. 24, the assailants declared their presence by decorating employee desktops with a belligerent message before erasing the hard drives of computers and servers they compromised as a parting shot. Destructive hacks such as the one on Sony are atypical. But they are not unknown. In fact, the attack on Sony shares many similarities with at least two other recent, destructive cyberattacks: from the methods used to carry out the strike to the software used to compromise Sony’s computer systems. Those earlier hacks also suggest that attackers had access to Sony’s network long before they played their hand. Read more over at The Christian Science Monitor.

Continue Reading
1 11 12 13 14 15 27