Source: securityboulevard.com – Author: Richi Jennings
If true, Sony might have to push the RESET button (again).
Another day, yet another hack of Sony. This time, an emergent ransomware gang says it’s pwned the entire Sony group. But do its claims stack up?
Here’s Sony’s vanilla PR puffery: “We are currently investigating the situation and we have no further comment at this time.” In today’s SB Blogwatch, we’re not 100% surprised.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: New Rules vs. Torn.
Hackers Play in Sony’s World
What’s the craic? David Hollingworth reports—“Group Claims Hack on ‘All of Sony Systems’”:
“Ransomware-as-a-service”
Ransomed.vc has only been operating since September, despite some links to previous forums and groups. However, in that time, the group has racked up an impressive number of victims – and Sony is one of them. … The group does include some proof-of-hack data, but it’s not particularly compelling. … There appear to be screenshots of an internal log-in page, an internal PowerPoint presentation outlining test bench details, and a number of Java files.
…
The entire leak … appears to have less than 6,000 files – seemingly small for “all of Sony systems.” Included here are build log files, a wide range of Java resources, and HTML files. … Ransomed.vc appears to be both a ransomware operator in its own right, and a ransomware-as-a-service organisation.
Yikes. Duncan Riley drives the point home—“Ransomware gang claims to have hacked Sony”:
“Compromissed”
The group … originally posted the details of the hack on both its regular internet site and its dark web site. However, the group’s regular site has been taken offline along with its social media accounts.
…
The hack is still listed on its dark web site … with the group claiming to “have successfully compromissed [sic] all of sony systems,” and that it’s not interested in ransoming the data and instead wants to sell it. … Sony has neither confirmed nor denied that it has been hacked.
Déjà vu? Tom Ivan feels it, too—“Ransomware group claims to have breached ‘all Sony systems’”:
“Compensation”
In 2011, Sony’s PlayStation Network suffered a massive breach that resulted in the personal details of approximately 77 million accounts being compromised and the service being taken offline for 23 days. Sony initially estimated the hack would cost it more than $100m.
…
Sony eventually faced as many as 55 class action lawsuits and agreed to offer compensation. … “You are the lifeblood of the company,” PlayStation’s US boss Jack Tretton said at the time. “Without you, there is no PlayStation. I want to apologise personally. It’s you that causes us to be humbled and amazed by the support you continue to give.”
And more in 2014. ohthehugemanate remembers:
Before … 2011, Sony’s [executive director of information security, Jason Spaltro] made a career of giving high profile talks about, essentially, reducing your IT budget by not doing security. Don’t do pentests, don’t do audits – they only uncover issues for your teams to fix! Certifications are an industry that sells you problems, he said. Ignore and skimp on the whole thing. IIRC, there was even a great talk about how to ignore your engineers when they say something is urgent.
He didn’t get fired after the first round of hacks, and he wasn’t fired after the 2014 round either. I wonder where he is now?
Wait, what??? MpVpRb has the inside track:
I worked at Sony years ago. The head of US IT was an amazingly smart guy.
…
For one reason or another, he quit and his assistant was put in charge. After a while, he quit as well and eventually the most junior person in the group was put in charge. … Something about the management culture pushed out all of the talented people.
How did Sony try to prevent it happening again? u/oboshoe bought the T-shirt:
Last time they got hacked, they replaced their entire IT infrastructure: All the switches. All the routers. All their servers. All the workstations. Everything.
Insurance paid for it. They rebuilt from the ground up because they weren’t sure where the malware was hiding.
I’ve worked IT for a really long time and had a lot of customers. … This is the only complete IT infrastructure replacement I have ever seen. … I was working for one of their vendors. We felt bad, but the account manager made a bundle.
Might have been cheaper to pay the ransom. ilyt disagrees:
Leave a backdoor, steal again in 4 months presenting different hacking group name, cash in … again. The money is better spent improving security.
It’s not surprising, then. gweihir sure ain’t surprised:
Would not surprise me. Remember when Sony had no internal email for 6 weeks or so?
…
They pretty much have a history here. … Apparently they have not fixed their shoddy IT security practices. … If Sony had most/all systems breached by a non-state-level-actor, then they are incompetent.
Meanwhile, u/WALKAW thinks it’s a head-scratcher:
Saying you “breached all of Sony’s systems” doesn’t even make sense. … The idea that say Sony Playstation and Sony Electronics and Sony Music are somehow on some connected systems that would grant each other access to each others systems makes no sense.
And Finally:
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Nikita Kostrykin (via Unsplash; leveled and cropped)
Original Post URL: https://securityboulevard.com/2023/09/sony-hacked-ransomed-vc-richixbw/
Category & Tags: Analytics & Intelligence,Application Security,AppSec,Blockchain,CISO Conversations,CISO Suite,Cloud Security,Cyberlaw,Cybersecurity,Data Privacy,Data Security,Deep Fake and Other Social Engineering Tactics,DevSecOps,Digital Currency,Editorial Calendar,Endpoint,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Malware,Most Read This Week,Network Security,News,Popular Post,Ransomware,Securing the Cloud,Securing the Edge,Security at the Edge,Security Awareness,Security Boulevard (Original),Security Operations,Social Engineering,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Zero-Trust,CISO,Ransomed.vc,SB Blogwatch,Sony – Analytics & Intelligence,Application Security,AppSec,Blockchain,CISO Conversations,CISO Suite,Cloud Security,Cyberlaw,Cybersecurity,Data Privacy,Data Security,Deep Fake and Other Social Engineering Tactics,DevSecOps,Digital Currency,Editorial Calendar,Endpoint,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Malware,Most Read This Week,Network Security,News,Popular Post,Ransomware,Securing the Cloud,Securing the Edge,Security at the Edge,Security Awareness,Security Boulevard (Original),Security Operations,Social Engineering,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Zero-Trust,CISO,Ransomed.vc,SB Blogwatch,Sony
