Friday, April 17, 2015

The nightmare goes on for Sony.

It is undoubtedly the news of the day: when we thought  the attack on Sony Pictures corporation was over, Wikileaks organization publishes online all documents and emails stolen from Sony, with a search engine so they are easier to find. There is no talk of nothing else in the gossip and social networks. We, however, will also talk about targeted attacks, employees who do not follow security policies and the opening to the public of the IBM X-Force Exchange platform.

Last Christmas was a bitter one for Sony Pictures, due to a bloody attack which stole a large amount of information from the company and made it public. But today we discover that there was more than what was shown and because Wikileaks has decided offer it to the public. There are 30,000 documents and 173,000 emails where we can read, among other activities, about the "lobby" activity of the corporation, it´s friendship and financing of the US Democratic Party and its role in the closure of the Megaupload site.

The Sony case has caused that many companies that so far were paying no attention to INFOSEC, to take  it more seriously now. Employees, are one of the key elements because they´re the weakest link, for being the most easily gullible or having unsafe behaviors. A survey has analyzed the latter, related to the cloud, and concludes that one in four workers, knowingly or unknowingly, violate corporate security policy when using public cloud applications, exposing their login credentials.

Something like that could end up in all kinds of attacks against the company, such as an "Advanced Persistent Threat" with malicious code installation at key elements of the network which will spy their movements for years. Or not. The analyst Pablo F. Iglesias, reveals the existence of another kind of attack: the "Advanced Volatile Threats", whose mission is to enter the corporate network and go out as fast as possible without leaving a trace.

There are profuse references about all these attacks and more in the IBM X-Force Exchange, a platform to share information on cyber threats, just opened to everyone by  the veteran company. We have decades of INFOSEC knowledge which are already making green with envy to all experts, eager to sink their teeth into once they have some respite.

From here, we applaud IBM for making available to the public one of the largest and most complete catalogs existing on vulnerabilities, threats, malware, spam, phishing and, well, almost every topic we talk about in this service everyday .


Post a Comment