View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 19, 2014

‘Trivial attack technique’ may be cause of Sony breach

Rapid7's Trey Ford reacts to reports that attackers in the Sony breach may have obtained administrator credentials.

By Ellie Burns

New reports indicate that the attackers in the Sony breach obtained access to administrator credentials, giving them broad latitude to access systems and data.

This is not completely new news – Trey Ford, Global Security Strategist for Rapid7, noted when the attack was first reported.

The attacker’s ability to change all the PC screensavers on the Sony network proved the hackers had compromised one of the most powerful accounts in the network, as the attackers had been able to make changes to the Windows software on every computer.

This attack technique is trivial for an insider with valid network credentials and only incrementally harder for an external actor.

Ford says, "I do not believe this data point is a useful indicator identifying an external or internal actor. The police likely have additional information which is leading them to believe the credentials were stolen."

"Gaining administrator credentials is one of the most sought after tactics by attackers because it enables them to access nearly anything they desire and it enables them to impersonate a valid user on the network, evade detection and stay on the network for days, months or even years."

"Identifying bad actors on the network, quickly, will be a key area of investment for organisation’s networks in the coming years."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Looking at the Sony breach in general, Ford also commented: "The Sony breach ends a year that has been dominated by high profile breaches – it’s a year since the Target breach was disclosed. I think the key lesson for all of us is that we must prioritize business continuity planning that includes the cyber security risk profile of our organisations."

"The Sony breach is dramatically different than the mega breaches that have come before it such as Target and Home Depot. It’s a reminder that attackers come in many forms and with many motivations."

"An attacker may not be driven by monetary gain as Target and Home Depot attackers appear to have been; they may seek to exact retribution, embarrassment, defacement or damage. When you consider risk and continuity for your organisation, it’s important to note that attackers are not only seeking the theft of credit cards."

"Companies have a lot more sensitive and valuable data than just credit cards and financial information, and there is potentially a very high cost to the business of the loss of intellectual property and other trade secrets, internal communications, and employee and customer personal information.

"We must also be mindful that attackers may not steal information at all and may instead focus on destruction, which could be just as disruptive to your business. The bottom line is that any business could be a target and you must fully assess what you have that might be valuable, and try to understand why you might be attacked. You need to have a plan to mitigate not just theft, but destructive attacks as well."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.