
Sony Attackers Used Stolen Admin Credentials


The crippling cyber-attack at Sony has remained in the headlines since it was first reported late last month. US investigators have now reported that the breach has been traced to the stolen credentials of a systems administrator.

At this point, Sony must be hoping to wake up from their data breach nightmare.

Investigators have traced the breach at Sony back to the stolen credentials of a systems administrator.

The attacks were carried out by a group called Guardians of Peace (GOP), which demanded that the upcoming Sony comedy “The Interview” not be released. On Wednesday, Sony officially cancelled the December 25th release of the movie about the assassination of North Korea’s leader.

Finally, almost a month after the breach, investigators are able to report that it was a system administrator’s credentials that were stolen. It also appears they have found out who is responsible. Yesterday, NBC News reported, “U.S. officials now believe Sony hack attack was launched inside North Korea & routed through servers in Taiwan.”

Many assumed that North Korea was behind the attacks since reports first came out – in June, the country declared war on Sony if they did not stop the movie. However, the country has still not officially claimed responsibility for this hack.

For Sony, the fact that there may be retribution – or at least retaliation – for the attack is of little comfort. Hackers used admin credentials to steal thousands of sensitive company files that were released to the public, and then they installed destructive malware to cover their tracks. It’s a true nightmare.

Only time will tell how long it takes (and how much it costs) for Sony to recover from the breach. The expenses are adding up quickly: Sony is at risk of lawsuits from employees who have had sensitive data released, it has hired leading crisis management teams to take over PR, and its business operations came to a halt. We aren’t even including the cost of cleanup and IT infrastructure improvements.

In the past, companies have been focused on fortifying their defenses against outside attacks. The fact that stolen credentials started the entire breach should be a wake-up call to many companies. User-based risk is the fastest growing IT threat. In fact, 69% of data breaches involved an insider.

Even if you believe you can trust all of your employees, monitoring user behavior is a vital necessity to keep your company – and those employees – safe. Once a cybercriminal has administrative credentials, the entire kingdom is theirs for the taking.

To sharpen your insider threat security skills, check out: 5 Tips for Responding to Risking User-Based Risk.