ISMG's Guide to the Sony BreachA Comprehensive Index of News, Analysis and Opinion
Is there a bigger security news story in all of 2014 than the breach of Sony Pictures Entertainment?
In late November, Sony suffered a significant cyber-attack that led to intellectual property and personal employee details being leaked online. Since then, on nearly a daily basis, new details have come to light about the breach, which the FBI has blamed on North Korea.
The following index offers you a comprehensive guide to all of Information Security Media Group's ongoing coverage of the Sony breach, from breaking news to expert commentary on the attack, including lessons for organizations to incorporate in their own security programs.
From Attack to FBI Attribution
On Nov. 24, Sony Pictures faced the wrath of hackers when "wiper" malware detonated on the company's systems, reportedly erasing PC and servers' hard drives, as well as the machines' Master Boot Record, thus "bricking" the devices.
A group claiming credit for the attack, called "Guardians of Peace," subsequently began releasing data stolen from Sony, including high-quality digital copies of new movies that have yet to see their U.S. or global release, as well as sensitive information on employees, including health data.
Following weeks of data leaks, G.O.P. published a "terror" threat on Dec. 16 against movie theaters planning on showing "The Interview," in which a tabloid TV reporting team heading to Pyongyang to interview dictator Kim Jong-Un are approached by the CIA to assassinate him. On Dec. 17, Sony canceled the film's scheduled Dec. 25 release. Two days later, the FBI attributed the malware attack to North Korea.
Subsequently, Sony Pictures reversed its decision and announced plans to release "The Interview" in a limited number of theaters, as well as online. Below is a guide to the news that developed following the "wiper" malware attack against the film studio:
- Sony Pictures Investigating Attack
- Sony Hack: FBI Issues Malware Alert
- Defending Against 'Wiper' Malware
- 'Wiper' Malware: What You Need to Know
- Sony Hack: 'Destover' Malware Identified
- Sony Hack: Ties to Past 'Wiper' Attacks?
- Hackers Threaten Sony Employees
- Sony Suffers Further Attacks
- Researcher Claims Destover Malware Hoax
- Experts Question Sony Hack-Back Story
- Sony Breach Response: Legal Threats
- Sony's Breach Notification: The Details
- Sony Hackers Threaten Movie Theaters
- Sony Breach: Studio Cancels Film Release
- Sony Hack: Is North Korea Really to Blame?
- Sony's Action Called 'Dangerous Precedent'
- Sony Hack a 'National Security Matter'
- FBI Attributes Sony Hack to North Korea
- Sony: N. Korea Warns of 'Consequences'
- Who Disrupted Internet in North Korea?
- Sony Now Plans to Release Film
- Sony: Attribution Debate Rages
As news of the Sony Pictures hack unfolded, security experts weighed in on Sony's alleged security inadequacies, the studio's decision to cancel the release of the film, as well as their breach response mistakes.
The breach has been described as a turning point in cybersecurity, as it is likely to give more CISOs a new degree of board-level visibility. "That visibility will come at a price, though, with CISOs now in the hot seat to see that their organization doesn't have its own 'Sony breach,'" says Tom Wills, director of consulting firm Ontrack Advisory.
Following are features, interviews and blogs gauging the significance and consequences of the Sony breach:
- Sony Hacking Is a Hollywood Blockbuster
- Why Are We So Stupid About Passwords?
- Sony Hack: A Turning Point
- Sony Hack Draws Intense Reactions
- Sony's 7 Breach Response Mistakes
- Security Expert on How Sony Hack Breaks 'Nation-State' Mold
- How Should U.S. Respond to Sony Breach?
- 6 Sony Breach Lessons We Must Learn
ISMG's coverage of the Sony breach also includes an infographic that details the similarities between Sony's "wiper" malware attack with those against firms located in Saudi Arabia and South Korea, as well as a visual timeline of the events surrounding the breach at the film studio.