Malware holding data ransom

The Sony data breach in late 2014 caused embarrassment for the company's top executives and employees. Here is a timeline of the Sony hacking events.

Here’s the timeline of the 2014 Sony Pictures Cyber-attacks:

November 24

Sony Pictures Headquarters

Early in the morning at Sony Pictures Entertainment headquarters in Culver City, an image of a skull with long skeletal fingers simultaneously appeared on all employees’ computer screens. The image contained a threatening message saying, “This is just a beginning. We’ve obtained all your internal data.” This was noted to be the first sign of the digital break-in.

November 25

Computers at Sony headquarters in Culver City and overseas remain shut down. The spokesperson of Sony Pictures Entertainment said that they were investigating an IT matter. However, several news organizations report that Sony has suffered a digital security breach.

November 26

Sony employees continue working even without computers and other digital technologies, such as voicemails and emails.

November 27


Five Sony films were leaked and made available on online file-sharing hubs. Four of the five films had yet to be released. The films were Brad Pitt’s Fury, Annie, Still Alice, Mr. Turner, and To Write Love on Her Arms.

November 28

Initial reports surface that Sony Pictures Entertainment suspects North Korea is responsible for the attack. Sony believes that the attack is in retaliation for the film “The Interview”, whose story is about a plot to assassinate the North Korean dictator.

November 29


Sony’s computers are still shut down.

November 30

The speculation and reports indicate that North Korea is behind the cyber-attack.

December 1

Multiple confidential Sony documents were leaked, including the pre-bonus salaries of Sony’s executives. The information also includes salary details of more than 60,000 Sony employees. The executive figures are published on many sites, including Deadline. Sony works with the FBI to investigate the attack.

December 2

A company-wide alert about the attack was delivered to employees, issued by Sony’s chiefs Amy Pascal and Michael Lynton.

December 3

Critical information has been extracted from a big dump of stolen data which included a large list of account credentials, YouTube authentication credentials, UPS account details, all in plain text. To add to this, it also included a collection of scathing critiques of Adam Sandler movies along with files containing information on passports and visas of crew and cast members who have worked on Sony films. Some of this confidential information is published on online sites, including a 25-page list of workplace complaints of Sony employees.

Sony stated that the investigation is on-going.

December 4


The FBI issues a Flash warning about the malware used in the attack, named the Destover backdoor, alerting large American security departments.

Press reports also stated that some cyber-security experts had found significant similarities between the code used in the Sony attack and the code used in earlier cyber-attacks on South Korean companies and government agencies, which were also blamed on North Korea.

December 5

The Sony attackers, who claim to be the “Guardians of Peace”, sent Sony employees an e-mail threatening to hurt their families if they did not sign a statement disclaiming the company.

December 7

Further data leaks occur, involving financial details from Sony Pictures. According to Bloomberg, the leak traces back to a hotel in Thailand where an executive from Sony was lodging at the time.

North Korea praised the attack by calling it a “righteous deed” and denied any involvement in the attack.

December 8

More leaks were uploaded to Pastebin but were soon taken down. This information detailed the e-mail archives of two executives: the President of Sony Pictures and his co-chairman, Steve Mosko. This leak was not believed to be the work of North Korea; it most likely came from a disgruntled employee group.

December 10


More legitimate leaks are disclosed, this time pertaining to Sony’s tracking of film piracy. They reveal Sony’s internal anti-piracy procedures and details regarding the five ISP (Internet Service Provider) giants used to monitor illegal downloads.

December 12

News reports from Buzzfeed, Bloomberg News, and Gawker stated that stolen documents from Sony were released, which included the medical records of Sony employees. The listed medical conditions include liver cirrhosis, cancers, and premature births.

December 13

Further genuine leaks involve financial account information, showing revenues, expenditures, past and current projects, and deals, all of which are still current for Sony.

December 14


The latest batch of stolen Sony documents was released by the hackers. Included in these documents is the latest version of the script of “Spectre”, the next James Bond film. Sony hired famous litigator David Boies, who sent a letter to various news organizations demanding that they erase all stolen information that the hackers had provided them.

December 15

Former employees of Sony filed a class-action lawsuit against the studio with the claim that Sony took inadequate security measures to protect their personal data.

December 16

The hackers sent an e-mail to reporters threatening to attack movie theaters that would show “The Interview”, which was set to premiere on Christmas Day. The communication sent by the cyber terrorists to the reporters even told them to remember the 11th of September 2001. They also threatened to fill the world with fear to show people that Sony Pictures Entertainment had created an awful film (The Interview).

Another batch of data was released including a huge number of e-mails stolen from Sony’s co-chairman and CEO Michael Lynton. Former Sony employees filed a second class-action suit with the claim that Sony was negligent in not protecting their personal data.

In connection with the threat made by the hackers to theaters, Sony told theater owners to cancel showings of the film “The Interview” if the hackers’ threats worried them. In response, Carmike was the first chain to declare that it would not show the film. Landmark Theaters also said that the New York premiere of the film had been cancelled.

December 17


Sony Pictures Entertainment pulls the planned Christmas Day release of the film “The Interview” in connection with the cyber terrorists’ threat to attack theaters that show the film. Moreover, Sony also pulls every TV advertisement for the film.

December 18

The hackers praised Sony’s decision to pull the premiere of the film and said that as long as the film was kept out of theaters the threat would end. However, there was still a high chance of attack if the film were to be released on VOD (video on demand).

December 20

North Korea invites the United States to take part in a joint investigation regarding the Sony attack as a proclamation of their innocence. However, they warned the United States of “serious consequences” if ever they retaliate.

December 23

Sony decided to move ahead with the release of the film on Christmas Day and allow it to be screened across participating theaters. The film would simultaneously be released on VOD. Sony claimed victory for this decision since they had never given up a film before.

December 30

Sony made the film available for rent online.

Final thought …

This timeline for Sony Pictures Entertainment Cyber Attack serves to create a better picture of what all the fuss was about. With so many events, it can be confusing to keep up with the news; therefore, we hope some value is found from understanding what such a run of malicious attacks can do to a company, even as big as Sony Pictures. Stay safe and always keep your systems and networks up to date.

For more ways to secure your data and systems, contact your local IT professionals.



Zero-day Internet Explorer Exploit CVE-2014-8967

If you use Internet Explorer as your web browser, pay close attention to a recent zero-day vulnerability, CVE-2014-8967, that allows remote code execution.

Of the various web browsers available to download, Internet Explorer is often the most vulnerable to attack, since it is the one most widely used globally.

We will summarize here what you need to know about CVE-2014-8967.

What is a Zero-Day vulnerability?

Microsoft and anti-virus companies regularly release updates and new virus definitions to address known vulnerabilities and exploits. Zero-day means the exploit or bug is so new that no company has had a chance to patch it yet.

In the case of zero-day vulnerability CVE-2014-8967, Internet Explorer has been exploited by hackers who piggyback on its publicly accessible framework to execute arbitrary code.

  • Technically speaking, the Internet Explorer vulnerability is all about the way it uses reference counting to manage the in-memory objects it allocates.
  • These in-memory objects represent HTML elements, otherwise known as CElement objects.
  • An additional CSS style is applied to such an element, changing how it is displayed.
  • This change creates a loophole in the browser where the object’s reference count can drop to zero before it normally should.
  • This in turn causes the object to be released early, making it available to accept other commands to run.
  • This is where an opportunist can exploit the vulnerability to run code within the browser.
  • The danger lies in the privileges the attacker can gain on your system.
  • For instance, if you have administrator rights, the hacker can acquire those same rights if they manage to successfully exploit the browser vulnerability.
  • The risk is lower if your account has only basic user rights. Regardless of your level of user permissions, such an attack is undesirable.

Examples

Such an attack can originate from a dodgy website, for example a site hosted and managed by the attacker, which is configured to exploit the Internet Explorer vulnerability.

Examples of malicious banners and messages.

All that is needed is some sort of user action, such as responding to a prompt, that tricks the user into visiting the malicious site.

Another way hackers can use this vulnerability is by targeting other compromised websites to do the same thing.

Regardless of the malicious intent, you’re always in control and should practice safe browsing by avoiding suspicious or unfamiliar websites.

It can all begin by accidentally opening an infected file or unknowingly visiting a malicious web page, which triggers the browser vulnerability.

This is why we stress the importance of not opening messages from unknown senders that contain attachments or links, whether in e-mails or elsewhere, such as web banners or message boxes. The best thing to do is close the page or delete the suspicious e-mails and notify your IT administrator.

Prevention and protection

The good thing about the Microsoft mail clients, such as Microsoft Outlook Express, Microsoft Outlook and Windows Mail, is that they all disable ActiveX and scripts by default. This stops malicious code from launching itself automatically and creating a problem, as discussed previously. However, you still need to be careful not to open unknown files or links.

How to protect yourself from a zero-day Internet browser vulnerability:

  • Update your operating system. Do this with Windows Update and be sure to apply any critical patches.
  • Do not open attachments. It can all begin by accidentally opening an infected file or a malicious web page that triggers the browser vulnerability. This is why we stress the importance of not opening messages from unknown senders that contain attachments or links, including web banners.
  • Use a different browser. Using a different browser can prevent the typical browser exploits found in Internet Explorer. For example Chrome, which is one of our preferred web browsers.
  • A little configuration can go a long way. Within the Internet Explorer settings, you can set the option to prompt before allowing “Active scripting” to run, or alternatively, disable “Active scripting” within the “Internet and Local intranet” security zone settings.
  • Use EMET. This is more for system administrators; however, EMET (the Enhanced Mitigation Experience Toolkit) can prove invaluable. This will be necessary if you’re working in a company that is unwilling to move away from Internet Explorer. EMET is a great workaround to help you avoid this vulnerability.
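The “a little configuration” item above can be audited and applied from the command line rather than by clicking through the Internet Options dialog. The PowerShell script below is an added example, not code from the original post; it reads and sets the Internet Explorer “Active scripting” setting, which is stored in the registry as value 1400 under each security zone’s key (zone 1 = Local intranet, zone 3 = Internet), where 0 means Enable, 1 means Prompt and 3 means Disable. The function names are this example’s own.

```powershell
# Added example (not from the original post): audit and harden the "Active scripting"
# setting (registry value 1400) for the Local intranet (zone 1) and Internet (zone 3)
# security zones of the current user. Value meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
# Assumes a Windows host with Internet Explorer; edits HKCU only, so no elevation is needed.

$ZoneBase  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones     = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$ValueName = '1400'                                   # "Active scripting"
$Meaning   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Hypothetical helper name: returns the current setting for a zone, or $null if unset.
function Get-ActiveScriptingSetting {
    param([int]$ZoneId)
    $key = Join-Path $ZoneBase $ZoneId
    if (-not (Test-Path $key)) { return $null }
    $props = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return [int]$props.$ValueName
}

# Hypothetical helper name: writes the setting (only Enable/Prompt/Disable are accepted).
function Set-ActiveScriptingSetting {
    param([int]$ZoneId, [ValidateSet(0, 1, 3)][int]$Setting)
    $key = Join-Path $ZoneBase $ZoneId
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name $ValueName -Value $Setting -Type DWord
}

# Audit: report each zone and flag any zone where scripts run without a prompt.
foreach ($id in $Zones.Keys) {
    $current = Get-ActiveScriptingSetting -ZoneId $id
    $label = if ($null -eq $current) { 'not set (browser default: Enable)' } else { $Meaning[$current] }
    $flag  = if ($null -eq $current -or $current -eq 0) { '  <-- consider Prompt or Disable' } else { '' }
    Write-Output ('Zone {0} ({1}): Active scripting = {2}{3}' -f $id, $Zones[$id], $label, $flag)
}

# Harden, as the post suggests: prompt in the Internet zone, disable in Local intranet.
# Uncomment to apply; Internet Explorer picks the change up on its next start.
# Set-ActiveScriptingSetting -ZoneId 3 -Setting 1
# Set-ActiveScriptingSetting -ZoneId 1 -Setting 3
```

Run the audit first; the two commented lines at the end apply the change for the current user only. Machine-wide enforcement is done with the same value under the matching HKLM key or through Group Policy, which is the better fit for a company that cannot move away from Internet Explorer.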

For more ways to pro-actively protect your business and data from malicious vulnerabilities, contact your local IT professionals.




Aside from backups and security, protecting your servers and workstations from power surges, thunder storms and power outages helps avoid costly downtime.

You may have wondered whether a UPS (uninterruptible power supply) and surge protectors are necessary and worth the extra cost in your office IT infrastructure. We’ll clarify that for you and explain each one in more detail.

Standalone Surge Protectors


A surge protector exists to protect working computers, computer peripherals and devices from power surges emanating from a primary power source.

How surge protectors work

The standard US voltage for homes and office premises is 120 volts. A power surge is anything that goes well over 120 volts. When this happens, it’s highly likely that your plugged-in devices will receive this surge of power, which can result in damage to the power supply or other parts of the system as well.

Surge protectors work by transferring the excess voltage via the device’s grounding wire, stopping it from reaching the electronic device. This still allows it to receive the normal voltage needed to operate seamlessly. This way it helps maintain your electronic devices over a long period of time. This rings true, as unprotected devices can cease to work without warning due to burnt components or wires that may have been exposed to surges through the wire over time.

Electrical storms

No matter how good your surge protector is, it cannot protect your devices from the sudden, intense surge caused by a lightning strike during a thunderstorm, which can be millions of volts! Your best bet is to unplug all your devices and wait for the storm to pass.

Cost

You can acquire lower-end surge protectors for as little as $20-$40. Good brands to consider are Belkin and Tripp Lite.

UPS – Uninterruptible Power Supplies

As the name suggests, a UPS is a device designed to keep your computer running for a given period of time when building power is suddenly disrupted or cut off.

How UPS works

The power to keep your computers, servers or equipment running is stored in a battery, which kicks in when loss of mains power is detected. This is useful during a power outage and gives you a limited time to save any work on your computer so that you can shut it down gracefully. Most UPS devices will automatically initiate a shutdown of your server or workstation once a power outage is detected, so there’s no need for a manual shutdown.

Most UPS devices on the market come with surge protection, which takes the edge off a power spike to protect your system components from damage. You can even get software that will auto-save any documents and data when the UPS is triggered.

Power Outage

Imagine you have a small office and, without your realizing it, a power surge occurs followed by a power outage during a heavy storm. If you had UPS devices paired with your most critical computer systems, you’ll be glad to know that the whole day’s work would not be lost: your systems would still be running on battery or, at worst, gracefully shutting down.

The UPS-protected computer received a higher voltage spike (120+ volts). That extra voltage was redirected to the UPS’s surge protection component, protecting the computer. Now the computer is running on UPS battery. This gives you approximately 20 to 30 minutes to save all the day’s work before the UPS shuts down the system.

Cost

UPS devices are more costly than surge protectors. You can get a decent one for around $100, such as a CyberPower, or a more expensive one, such as an APC Smart-UPS starting at around $320. UPS devices come with built-in surge protection as well as acting as a battery, which is why they are more expensive than a standalone surge protector.

Surge protector or UPS?

If you’re still deciding between purchasing a UPS or a surge protector, we suggest you first consider your personal circumstance. For instance, if you run and manage an entire office or department that deals with very important data and you wish to preserve your systems throughout all kinds of power fluctuations, the UPS would be your best option.

The same goes if you’re a person who works from home and the work you do on your computer is your livelihood; then a UPS would be the best choice for you.

In the scenario where you just use your own PC for occasional work and web browsing, a surge protector may be the better choice.

For more ways to protect your critical business systems, servers and components, contact your local IT professionals.



Wiper malware attack on Sony Pictures

The sophisticated Wiper malware which was launched against Sony Pictures does exactly what it sounds like: wipes anything and everything from systems.

“Wiper” carries out a set of malicious actions:

  • Wipe out all information held on hard disks
  • Reboot servers
  • Prevent access to Exchange e-mails
  • Close down networks
  • Run on all versions of Windows

How Wiper malware works:

  1. The Wiper executable (an .exe file) is known as a “dropper” file.
  2. This file installs its supporting files and registers itself as a trusted Windows service.
  3. It also creates a network share within the system root directory. This allows any other computer on the network to reach it.
  4. It uses WMI (Windows Management Instrumentation) to communicate with other machines and run code on them, spreading itself further across the network.
  5. This allows Wiper to gain access to any machine on the network via computer network exploitation (CNE).
  6. While “beacon” messages are broadcast to remote command networks, the malware is already accessing the hard drive, deleting data sector by sector.
  7. It overwrites data with ordinary user privileges by disguising itself as a USB 3.0 device driver. This is a commercially available disk driver made by EldoS.
  8. It then instructs the operating system to halt for a couple of hours and then wake up with a reboot. By this time, all the data has been wiped clean by the malware.
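Two of the footholds in the list above, a share rooted at the system directory and a malicious Windows service, leave traces an administrator can look for on a host. The PowerShell script below is an added example, not code from the original post or from any vendor’s tooling: it lists non-administrative shares whose path is the system drive or %SystemRoot%, and auto-start services whose executable lies outside %SystemRoot% and the Program Files directories. The function names and the “trusted directories” heuristic are this example’s own assumptions, and anything it flags is a lead to verify by hand, not proof of infection.

```powershell
# Added example (not from the original post): audit a Windows host for two of the
# footholds described in the list above. Assumes PowerShell 3.0+ (CIM cmdlets) and an
# administrator session. The directory whitelist is a constructed heuristic; review
# every hit manually, since legitimate software also installs services elsewhere.

$SystemDrive = $env:SystemDrive            # e.g. C:
$SystemRoot  = $env:SystemRoot             # e.g. C:\Windows
$TrustedDirs = @($SystemRoot, ${env:ProgramFiles}, ${env:ProgramFiles(x86)}) |
               Where-Object { $_ } |
               ForEach-Object { $_.TrimEnd('\') + '\' }

# Hypothetical helper name: non-hidden shares whose path is the drive root or %SystemRoot%.
function Get-SuspiciousShares {
    Get-CimInstance -ClassName Win32_Share |
        Where-Object {
            $_.Path -and
            -not $_.Name.EndsWith('$') -and
            ($_.Path.TrimEnd('\') -ieq $SystemDrive.TrimEnd('\') -or
             $_.Path.TrimEnd('\') -ieq $SystemRoot.TrimEnd('\'))
        } |
        Select-Object Name, Path, Description
}

# Hypothetical helper name: strips quotes and arguments from a service's PathName.
function Get-ServiceBinaryPath {
    param([string]$PathName)
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($PathName -split '\s+')[0]
}

# Hypothetical helper name: auto-start services whose binary is outside the trusted dirs.
function Get-SuspiciousServices {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName } |
        ForEach-Object {
            $exe = Get-ServiceBinaryPath -PathName $_.PathName
            $inTrusted = $false
            foreach ($dir in $TrustedDirs) {
                if ($exe.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $inTrusted = $true
                    break
                }
            }
            if (-not $inTrusted) {
                [pscustomobject]@{ Name = $_.Name; State = $_.State; Binary = $exe }
            }
        }
}

Write-Output '== Shares rooted at the system drive or system root =='
Get-SuspiciousShares | Format-Table -AutoSize

Write-Output '== Auto-start services running from outside system and program directories =='
Get-SuspiciousServices | Format-Table -AutoSize
```

Run it on a known-good machine first to learn what your own environment normally reports (management agents and backup software often live under ProgramData, for example), then compare that baseline against hosts you are worried about. Remote WMI activity between workstations, the spreading mechanism in step 4, is better watched for on the network side, where a workstation talking WMI to many peers stands out.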

Wiper attack on Sony Pictures

Sony Pictures is a prime example of being on the receiving end of the “Wiper” attack. This particular attack recently gained media attention, got the FBI involved and caused a stir at Antivirus companies.

A snippet from the FBI memo about Wiper

Speculation at Sony from a Re/code analysis reports links the attack to North Korea. This is partly due to a near identical attack carried out against South Korea by their northerly neighbors. Originally it was claimed the attack was motivated by disgruntled ex-workers who were laid off due to a company restructure earlier in the year.

What can you do?

It’s likely that this kind of attack is mostly aimed at very high profile companies, like in our example above. In general it’s wise to do the following to keep on top of your business or home security:

  • Update anti-virus definitions. Be sure to have the latest updates from your anti-virus provider. Updates are released regularly to detect and quarantine suspicious files before they do further damage.
  • Verify your backups, and opt for an offsite or Cloud solution, in the case of a catastrophic data loss.
  • Update your critical Windows Servers and desktops with the latest operating system security patches.
  • Avoid being spear-phished. Do not open unknown e-mails that contain attachments or files. Be conscious of spoofed e-mails that may trick you into clicking attachments.
  • Lock down USB usage. With the help of an endpoint management solution, you can set policies to only allow authorized USB devices, which can help prevent this type of attack.
  • Revise your IT policies to only give specific administrators privileges to run, execute and share resources.

For more information about the Wiper virus and how you can protect your business from malware, contact your local IT professionals.




It’s that time of the year again. The fiscal year is drawing to a close and you still have money left to spend. Here are 5 ways to tie up IT loose ends.

Why spend your remaining IT budget?

In practical terms, we’re looking at productive suggestions in ways that you can spend your IT budget, without it being wasteful.
Besides, if directors look at the accounts after the year end and see that a significant amount was left unspent, it would be likely that the following year could lead to a cut-back on your IT budget.

The good news is that we have plenty of ideas to share with you on ways to spend your remaining IT budget wisely.

1. Expand your Cloud service and backups


Consider extending the storage capacity or bandwidth of your current Cloud set-up, which can help with productivity and protect your business against catastrophic data loss. It’s always wise to expand your current backup solution. You may have a local solution, but why not extend this to an online solution?

Revisiting your existing backup process and tying up loose ends is a good way to prevent catastrophic data loss in the future. It’s worth considering a local backup solution that is fire-proof, such as a fire safe. Such a solution can easily be acquired from IOSafe.

2. Invest in your workforce


Train up your staff through a course or a consultant. This type of investment will not only benefit their skill set, but it will also motivate them to be productive and take on more challenging roles or tasks. It also acts as an incentive against job dissatisfaction and boredom by filling in any gaps in their technical skill sets. The result is a satisfied and skilled workforce who are confident in carrying out new tasks or responsibilities.

3. Drive up your speed


We’re talking about hard drives here. It’s common for them to fail, so why not invest in some spares, even if you don’t need them straight away? You can keep them on standby. We recommend investing in SSDs, or solid state drives. They cost just a little more than the usual drives; however, they start up really fast, making a noticeable difference to performance. It’s well worth investing in this if you have the leftover budget.

4. Organize the cabling


Do the cables in your server room resemble a bowl of spaghetti? If so, it’s time to consider spending some of that remaining IT budget on an effective cable-tidying solution. Look to see if you need to replace old patch cables that are fraying. Try cable-tidy tubes, which can neatly clip and organize cables, or simply hire a professional who can untangle all those cables that are causing knots and confusion. This investment will be worth the while!

5. Invest in marketing


If you’re a single-person business, then consider spending the remainder of your IT budget on digital marketing. Even the tiniest of businesses have an IT budget, which is tracked when the accounts are worked out. Be sure to spend any leftover capital on advertising your business. This includes having blog articles written for your website, search engine advertising, or social media advertising.

For more ways to reinvest in your business’ technology, contact your local IT professionals.
