Sony must secure networks, analysts say
Continuing breaches suggest company's networks may be more porous than assumed
Computerworld - The apparent ease with which hackers have breached Sony networks in recent days shows how much work is still needed to fully secure the company's networks, analysts say.
Sony, along with three external security firms, has been working frantically to shore up its systems since the company uncovered two breaches in mid-April that compromised data of nearly 100 million members of its PlayStation Network and Sony Online Entertainment network.
About 10 days ago, Sony announced that it had fixed all problems with its PSN and SOE networks and partially restored services.
Since then, there have been at least three separate -- and relatively minor -- attacks reported against Sony systems.
The relative ease with which hackers were able to pull off the most recent intrusions is surprising, given the heightened attention to security at Sony since the widely publicized PSN hack.
"The original attacks [on the PlayStation Network and Online Entertainment networks] were probably quite targeted and quite skilled," said Chester Wisniewski, senior security adviser at security firm Sophos. "Now it seems to be that every random hacker out there has jumped on the bandwagon" to attack Sony.
Wisniewski cited an attack against Sony BMG's site in Greece, where hackers uploaded a database containing nonsensitive user information to a public site.
The attack was not sophisticated and involved a pretty simple exploit of a SQL injection flaw, analysts said. "I'm surprised they wouldn't have cleaned up something like this by now," Wisniewski said.
The attacks suggest that Sony may have more work to do securing its networks than it might have bargained for, said Phil Lieberman, CEO of Lieberman Software.
The company's hard-line stance on copyright protection has earned it several enemies within the hacker community. Many of them are taking advantage of the publicity surrounding the Sony intrusions to try to further embarrass Sony, he said.
"Taking a baseball bat to a hornet's nest is never an advisable strategy. Sony's strategy in defending its intellectual property was heavy-handed and has triggered the 'nuclear option' with those that it engaged," Lieberman said.
While Sony focused heavily on protecting IP and enforcing copyright protections, the company appears to have done little to protect its massive presence on the Internet, Lieberman said. "I think Sony's beginning to understand that they horribly underinvested in security. It's simply not in their DNA."