By Michael Erwin
It’s been a rough few months for Sony. Hackers hit the entertainment giant back in April resulting in a nearly month-long shut down of its PlayStation Network.
The cost of the shutdown: approximately $171-million dollars. Perhaps worse than that however, was the public cost. Sony’s image took a hit as personal information and credit card numbers of its 100-million users were put at risk.
Following the attacks, Sony hired security experts to figure out what went wrong. The network was rebuilt and was rendered safe and secure… or so they thought.
This week, on the same day Sony reopened its PlayStation store, the company was hit by yet ANOTHER cyber attack. More than one million customers reportedly had their information compromised.
Hacking group Lulzsec took responsibility for the attack and in a release explained why they went after Sony:
“Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
The recent attacks on Sony and other corporations including Lockheed and PBS have highlighted an alarming rise in corporate attacks. FireEye CEO Ashar Aziz believes this is only the beginning:
“This is the new reality. We live in a persistent state of cyber insecurity due to the lack of efficacy of traditional defenses against advanced cyber attacks.”
Aziz adds that the recent attacks are an example of the weaknesses that exist in cyber-security defenses:
“No organization, no matter how well run they are, are well protected against these kinds of attacks, considering that the new threat landscape has effectively obsoleted traditional enterprise security defenses.”
Meanwhile, it remains to be seen whether Sony can rebound from the attacks. The company remains in damage control offering a “Welcome Back” package for users that includes free games, movie rentals and virtual items for PlayStation Home. But will that be enough to appease those customers who are now checking their monthly credit card statements for any suspicious activity?
Time will tell…