Sony must secure networks, analysts say
Continuing breaches suggest company's networks may be more porous than assumed
Computerworld - The apparent ease with which hackers have breached Sony networks in recent days shows how much work is still needed to fully secure the company's networks, analysts say.
Sony, along with three external security firms, has been working frantically to shore up its systems since the company uncovered two breaches in mid-April that compromised data of nearly 100 million members of its PlayStation Network and Sony Online Entertainment network.
About 10 days ago, Sony announced that it had fixed all problems with its PSN and SOE networks and partially restored services.
Since then, there have been at least three separate -- and relatively minor -- attacks reported against Sony systems.
The relative ease with which hackers were able pull off the most recent intrusions is surprising, given the heightened attention to security at Sony since the widely publicized PSN hack.
"The original attacks [on the PlayStation Network and Online Entertainment networks] were probably quite targeted and quite skilled," said Chester Wisniewski, senior security adviser at security firm Sophos. "Now it seems to be that every random hacker out there has jumped on the bandwagon" to attack Sony.
Wisniewski cited an attack against Sony BMG's site in Greece, where hackers uploaded a database containing nonsensitive user information to a public site.
The attack was not sophisticated and involved a pretty simple exploit of a SQL injection flaw, analysts said. "I'm surprised they wouldn't have cleaned up something like this by now," Wisniewski said.
The attacks suggest that Sony may have more work to do securing its networks than it might have bargained for, said Phil Lieberman, CEO of Lieberman Software.
The company's hard-line stance on copyright protection has earned it several enemies within the hacker community. Many of them are taking advantage of the publicity surrounding the Sony intrusions to try to further embarrass Sony, he said.
"Taking a baseball bat to a hornet's nest is never an advisable strategy. Sony's strategy in defending its intellectual property was heavy-handed and has triggered the 'nuclear option' with those that it engaged," Lieberman said.
While Sony focused heavily on protecting IP and enforcing copyright protections, the company appears to have done little to protect its massive presence on the Internet, Lieberman said. "I think Sony's beginning to understand that they horribly underinvested in security. It's simply not in their DNA."
- Hackers steal user data from the European Central Bank website, demand money
- Arrests made after international cyber-ring targets StubHub
- SQL injection flaw opens door for Wall Street Journal database hack
- Goodwill Industries probes possible payment card breach
- Aloha point-of-sale terminal, sold on eBay, yields security surprises
- The biggest data breaches of 2014 (so far)
- Blue Shield discloses 18,000 doctors' Social Security numbers
- PF Chang's says breach was 'highly sophisticated criminal operation'
- Breaches exposed 1 in 7 US debit cards in 2013
- New malware program targets banking data
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!