Sony Hack Breaks 'Nation-State' Mold
Hack-Attack Expert Details Lessons Organizations Must Learn
Following the Nov. 24 wiper malware attack against Sony Pictures Entertainment, and weeks of the company's data being leaked by attackers, the FBI has attributed the attacks to North Korea.
Many security experts have called for the FBI to release precise technical details of the attack, saying that anything less leaves room for speculation. But even if the FBI definitively proves that the Pyongyang-based regime, headed by Kim Jong-un, ordered or directed the attacks, the Sony Pictures hack differs significantly from previous large-scale hack attacks, which tended to fall neatly into one of several categories.
"In this attack, it's a little unclear to me exactly what the motive is: Is it a nation-state motive? Is it a hacktivism motive? Is it an espionage motive? Is it a criminal motive?" says Carl Herberger, vice president of security solutions at app delivery vendor Radware. "It feels like all four motives are resident here, and that's not normally a nation-state kind of attack. Not that it can't be, but it feels a little strange.
"You don't normally get a criminal motive like this from a nation state, not in a public way," he says. "If you get criminal motive, you normally see it in a very clandestine way. So you're left with a lot more questions than you feel like you've answered."
In this interview with Information Security Media Group, Herberger also details:
- The difficulty of attempting to attribute attacks to any particular group or nation state;
- Whether the attack against Sony Pictures represents a "cyberwar" first strike;
- Sony's data breach response strategy, and how it compares with Target's late-2013 response after discovering its network had been breached.
Herberger is vice president of security solutions at Radware. He previously worked at a major cloud security provider and for multiple information security consultancies, and served as an information security advisor to the Pentagon.