The Sony Pictures hackers reportedly gained access to Sony’s systems by obtaining the login credentials of a high-level systems administrator.
According to CNN, an anonymous US official who was reportedly privy to government briefings on the topic of the Sony hack, said that once they got these credentials, they were granted the “keys to the entire building”
Trey Ford, global security strategist at Rapid7 noted that when the attack was first reported, it was that the attacker had ability to change all the PC screensavers on the Sony network. “This attack technique is trivial for an insider with valid network credentials and only incrementally harder for an external actor,” he said. “I do not believe this data point is a useful indicator identifying an external or internal actor. The police likely have additional information which is leading them to believe the credentials were stolen.
“Gaining administrator credentials is one of the most sought after tactics by attackers because it enables them to access nearly anything they desire and it enables them to impersonate a valid user on the network, evade detection and stay on the network for days, months or even years. Identifying bad actors on the network, quickly, will be a key area of investment for organisation’s networks in the coming years.”
According to CIO, the identity of the hackers was further clarified by tracing “signal intelligence” in addition to other methods which were not detailed.
Ken Westin, security analyst at Tripwire, said that it would also be useful to know who the anonymous US officials are, especially those speaking to the media regarding the North Korean connection. “Cyber security has become an increasingly political topic thanks to recent NSA revelations and increased defence spending being allocated to cyber defence (and offense), not to mention issues of pirating, net neutrality, privacy and related topics all of which the Sony breach touches on,” he said.
Last night it was reported that the US was viewing this as a serious national security, as White House spokesman Josh Earnest said that the US believed the hacking was the work of a “sophisticated actor” – but refused to confirm if North Korea was responsible.
At a White House briefing on Thursday, Earnest said US officials had held daily discussions about the Sony cyber attack and were considering an “appropriate response”. However, he refused to comment on who was responsible, saying he did not wish to pre-empt an investigation by the Department of Justice and the FBI.
Ian Pratt, co-founder of Bromium, said: “The attack has clearly been more sophisticated that the average hacktivist attack, but the current state of software security is such that it would not have been particularly difficult or expensive to execute, and at very little risk to the attackers.
“It’s not that the security team at Sony Pictures did a bad job, it’s that security teams at all corporations currently face a nigh impossible challenge of keeping hackers out. We need to demand that software and hardware vendors to a better job of security by design, making systems that are less vulnerable and more resistant to attack. Only then
will we be able to change the economics and make the cost of such attacks prohibitive, putting the advantage back in the hands of the security teams that defend our networks.”