- Apr 24, 2013
- 1,200
SAN FRANCISCO — The malicious software that crippled Sony Pictures Entertainment and resulted in the release of gigabytes of sensitive information was not something that even state of the art antivirus software would have picked up.
"This incident appears to have been conducted using techniques that went undetected by industry standard antivirus software," the FBI said in a statement released Saturday.
In an e-mail to Sony staff obtained by USA TODAY, the security company analyzing the attack said "the malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat."
Kevin Mandia, CEO of Mandiant, the security firm, went on to say in his e-mail, "this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared."
The ongoing cyberattack against SPE began two weeks ago. Security experts say it could portend a new era in computer assaults — one of wanton destruction and the release of embarrassing and potentially devastating data to the world.
"This is a game-changer for us in the United States, this level of maliciousness is unprecedented. I've never seen it, ever," said Jim Penrose, a former National Security Agency computer security expert now with Darktrace, a British security firm.
Sony is just the latest, and perhaps the hardest hit, in a long list of major U.S. corporations assaulted by cybercriminals in the past year. They include Target, P.F. Chang's, The Home Depot, Goodwill, Dairy Queen, JPMorgan Chase and the U.S. Postal Service.
Despite corporations spending millions of dollars on network security and the rise of hundreds of computer security firms, the attackers keep getting through.
The cost to investigate, notify and respond to these attacks is devastating. The average cost to a breached company was $3.5 million in 2014, according to a study released this year by the Ponemon Institute, which conducts independent research on information security.
Companies then pass on those increased costs for computer security, notification and, in some cases, remediation to their customers, even if those consumers don't even realize they're being affected.
A staggering 43% of companies worldwide have reported being breached in the past year, according to the Ponemon Institute. In addition, people whose credit cards or identities are compromised must also deal with replacement hassles and possible identity theft.
Read more: http://www.usatoday.com/story/tech/2014/12/06/sony-attack-new-era-nuclear-option/19963063/
