Archive for January, 2015


Sony – North Korea or possibly an insider?

Sony has been a constant news item. Many insist Sony was breached by North Korea. They had the motive, so many say. But does the evidence point to North Korea? Are they the only ones with motive? Or was this more likely the work of an insider? And what are we doing about preventing the next such breach?

The Sony breach seemed to be tied up securely by the forensics experts very early. It was declared an unprecedented breach by an organized group that could not have been caught by antivirus engines. It was declared that it had to be North Korea or a country on behalf of North Korea.

From Business Insider article referenced here.

To quote, “The malware was undetectable by industry standard antivirus software”.
“The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”

But is this an accurate description of the Sony attack?

What is ‘detectable by industry standard antivirus software’? Not much. Very likely, not the Sony attack. Traditional antivirus software, even if using behavioral techniques, requires signatures. It needs to have seen the attack or the malware previously. No targeted attack as described in the Sony case should be expected to be caught by ‘industry standard antivirus software’.

That is where zero day security software such as DayZero’s SigFree Cerberus comes into play. This type of security software does not rely on signatures. It does not require that the attack have been seen and analyzed before. Security software such as SigFree Cerberus is true zero day protection. In Cerberus’ case, it is designed to find malware planted on a computer and trying to send out private information without permission.

A free trial copy of SigFree Cerberus may be downloaded from

Some investigators refuse to imagine any attacker of Sony other than North Korea. They cite not only the Sony film and the stolen and released private information, but also the internal damage done. But this is often the fingerprint of a disgruntled insider or insiders. In fact, the latest speculation is that the Sony attack was the work of a series of attackers. And suspected insiders, past Sony employees for the most part, have been identified.

Keep in mind that year after year, approximately half of all data breaches are either committed by insiders or otherwise due to human error, in addition to human-induced security flaws.

But what are we doing to prevent the next Sony-type attack? Will anyone wake up and accept that our current software security methods are inadequate? Will anyone start to embrace new technology for true zero day protection?