2) A nation state reacts in June 2014 and asks both the White House and the UN to halt release of the movie “The Interview”.
3) No response is given to their request and threat to pull “The Interview”, which to them is an ‘act of war’.
4) Between July 2014 and October 2014, a crack team from a large cyber army is charged with reconnaissance (RECON) on Sony Pictures Entertainment in preparation for a highly targeted phishing attack that deploys a RAT (remote access trojan).
5) Internal network RECON takes place; files are stolen by being transferred (uploaded) to other RAT victims rather than directly to the attacker, in this case most likely a cyber army.
6) File uploads, email and records pilfering, and hard drive wiping tools were most likely controlled by Command and Control (C&C) RAT servers located outside of the US, with other computers controlled remotely inside the US.
7) Pilfered files are leaked, and threats are made from spoofed IP addresses accessing Gmail accounts to make tracing difficult.
8) 9/11-type threats are made to trick Sony and movie theaters into blinking. They blinked.
9) The US Government and top security forensics professionals (FBI.gov, Mandiant, FireEye) figure this all out as well and share some of this information, including the fact that the malware was developed on Windows in the Korean language (most likely using WINE on a Linux-derived OS to run the Windows tooling). The White House reacts now that the initial forensics is complete and the POTUS is fully briefed.
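The staged exfiltration in steps 5 and 6 (a compromised host uploads files to a second internal victim, which then forwards them to an external C&C server) leaves a recognisable shape in network flow logs. The following detection is an added example, not the article's own analysis; the flow records, the internal address ranges and the byte/time thresholds are all constructed assumptions.

```python
"""Hunt for two-hop (staged) exfiltration in netflow-style records.
Added example; sample flows and thresholds are constructed, not real data."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal address space; adjust to the real environment.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

def is_internal(ip: str) -> bool:
    return any(ip_address(ip) in net for net in INTERNAL_NETS)

def find_staged_exfil(flows, min_bytes=50_000_000, window=6 * 3600):
    """flows: iterable of (timestamp, src_ip, dst_ip, bytes_sent).
    Returns sorted (source, relay, external) triples where `source` pushed
    at least min_bytes to internal `relay`, and `relay` later pushed at
    least min_bytes to a non-internal address within `window` seconds."""
    # Aggregate total bytes and last-seen timestamp per (src, dst) pair.
    agg = defaultdict(lambda: [0, 0])
    for ts, src, dst, nbytes in flows:
        entry = agg[(src, dst)]
        entry[0] += nbytes
        entry[1] = max(entry[1], ts)
    findings = set()
    for (src, relay), (b_in, t_in) in agg.items():
        if not (is_internal(src) and is_internal(relay)) or b_in < min_bytes:
            continue  # only large internal-to-internal uploads are candidates
        for (s2, ext), (b_out, t_out) in agg.items():
            if (s2 == relay and not is_internal(ext) and b_out >= min_bytes
                    and 0 <= t_out - t_in <= window):
                findings.add((src, relay, ext))
    return sorted(findings)

# Constructed sample: 10.1.1.20 stages 120 MB on 10.1.1.55, which forwards
# 80 MB to 203.0.113.9 (documentation range standing in for a C&C server).
# 10.1.1.30 -> 10.1.1.40 is a benign backup: large, but never leaves the net.
SAMPLE_FLOWS = [
    (1000, "10.1.1.20", "10.1.1.55", 40_000_000),
    (2000, "10.1.1.20", "10.1.1.55", 40_000_000),
    (3000, "10.1.1.20", "10.1.1.55", 40_000_000),
    (5000, "10.1.1.55", "203.0.113.9", 80_000_000),
    (5200, "10.1.1.55", "198.51.100.5", 2_000_000),   # small, ignored
    (1500, "10.1.1.30", "10.1.1.40", 200_000_000),    # benign backup
]

if __name__ == "__main__":
    for src, relay, ext in find_staged_exfil(SAMPLE_FLOWS):
        print(f"staged exfil: {src} -> {relay} -> {ext}")
```

Run on real exports the thresholds need tuning per environment; the point is that the relay hop, not the final external upload alone, is what distinguishes this pattern from ordinary outbound traffic.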
Can We Protect Against This Type of Attack?
If my analysis is correct, then any organization could defend against this attack, in spite of the FBI’s statement that 90% of businesses would have been victimized (this is probably true, sadly).

Even though “Usernames&Passwords” was one of the files discovered, containing plaintext passwords like the word “password”, that is not what triggered the attack. Changing those passwords would have made the RECON and pilfering period longer and harder, but it wouldn’t have stopped them. It’s very embarrassing for SPE to have used such foolish passwords and file names.

But that’s not the heart of the problem. Here’s my view:
23 Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide