• TREND MICRO

Burning Down the House: Sony was not alone

  • Posted on: September 30, 2015
  • Posted in: Security
  • Posted by: Tom Kellermann

As the anniversary of the massive Sony breach approaches, the magnitude and devastation of the hack continue to reverberate in the threats that U.S. government agencies and enterprises consistently face. We should be cognizant that Sony was not alone.

A recent Trend Micro report, “Cybersecurity and Critical Infrastructure Protection in the Americas,” polled more than 500 CISOs from Argentina to Canada and revealed an ominous phenomenon. Forty-four percent of respondents acknowledged that they have experienced a “delete and destroy” attack in 2015. Within the Western Hemisphere, it’s clear that punitive attacks have metastasized. In a hearing earlier this month, U.S. Director of National Intelligence James Clapper stated that he believes “the next push on the envelope is going to be the manipulation or the deletion of data.”

Director Clapper is well aware that asymmetrical cyber capabilities are being distributed widely. The major dark web forums are exporting destructive payloads including Shamoon, Destover and Cryptowall. As a result, cybercriminals are devising sophisticated and damaging attacks. We have observed that secondary infections are manifesting in numerous targeted attacks. These secondary infections have the capability of deploying disruptive or, oftentimes, destructive malware that could destroy the integrity of information. This punitive tactic is employed to counter incident response.

Security analysts are left wondering if destructive secondary infections are a reaction by adversaries to try to “burn the house down” after it has been pilfered. Alternatively, detonation might be the hallmark of hacktivists purposefully attempting to destroy and/or manipulate the integrity of data. Without question, there’s a movement afoot to hinder, if not completely disrupt, the capacity of incident responders to react to cyber events.

The free-fire zone of cyberspace has become dramatically more hostile. In order to successfully thwart this ominous phenomenon, the “dwell time,” or the amount of time an adversary resides in a system, needs to be dramatically decreased and incident response times improved. The only way this can be accomplished is through integrating breach detection systems with SIEM and IPS systems.

Rather than having human beings sitting at terminals, machine-to-machine integration would be much more effective. Furthermore, immediately terminating command and control is not always the solution, considering most campaigns include multiple and dynamic C2. Termination of the initial C2 will alert the criminals that they are being surveilled.

Offense must inform defense. Cybersecurity professionals approach these adversaries with stealth to defend against an attack. By adopting more surreptitious monitoring and isolation methods to keep perpetrators at bay, security teams can be better positioned to gain an advantage in the ongoing cat-and-mouse game that continues to evolve in sophistication and aggression. When suffering a virtual home invasion, it is sometimes best not to make your presence known.
