Sony Pictures Entertainment CEO Michael Lynton recently sent a memo to the company’s employees quoting Mandiant CEO Kevin Mandia as saying the recent Sony data breach was “unprecedented in nature,” according to Re/code.
“The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat,” Lynton’s memo quotes Mandia as saying. “In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public.”
“The bottom line is that this was an unparalleled and well-planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared,” Mandia added.
Separately, Business Insider reports that an IT employee working for a contractor with access to Sony’s network has described Sony’s cyber security as a “mess,” calling it “outdated and ineffective.”
“The security team has no f—ing clue,” the employee said.
Digital Guardian president and CEO Ken Levine told eSecurity Planet by email that while he has tremendous respect for Mandia, he completely disagrees with his statement regarding the Sony breach.
“The truth is, there is nothing new about what these attackers are doing,” Levine said. “They are using the same tactics they’ve used before to get inside these organizations (someone clicks on an attachment with malware and the malware sits and waits) and FireEye and/or other security products could have, should have caught this, especially given the volume of data that was stolen.”
Regardless of how unique and undetectable the malware was, Levine said, the volume of data being transferred should have been easy to detect.
“We’re talking thousands of files — that takes time to siphon that out of an organization,” he said. “And if it was a North Korean organization, that means that data was likely being bounced around to numerous foreign IP addresses as well. Security pros call this the kill chain defense, and there were so many points where this attack … could have been seen and dealt with.”
Levine said the breach clearly indicates that Sony needs to change its perspective on security. “Like so many organizations, they need to stop focusing exclusively on the network and start defense from the inside out,” he said.
“Identify the critical information and lock it down — it’s that simple,” Levine added. “Every reporter or industry expert who’s evaluated the data files from the Sony breach admits that 95 percent of it is completely benign. It’s that other 5 percent that’s really hurting them right now — that’s the 5 percent they should have started with — that’s the 5 percent they should have locked down in the first place.”