You’re wondering: what’s this got to do with me? You’ve all heard about the debacle with Sony Pictures and the film The Interview. Quick recap: Sony made a film wherein the supreme leader of the DPRK met his death. In response to this, Sony was hacked. Shortly afterward, there was an investigation by the US Cyber Emergency Response Team (US-CERT). While the resulting alert does not specifically name Sony, we can make the connection on our own. Here’s the alert: https://www.us-cert.gov/ncas/alerts/TA14-353A.
This is a destructive SMB Worm which would potentially allow the attacker to transfer files and perform destructive commands on the computer. SMB or Server Message Block is a Microsoft file sharing protocol that has been around for years. It’s what you use when you connect to any Windows file share. The worm (as a worm does) tries to install itself on other computers on the local network. The worm, as the US-CERT article mentions, was implanted via a dropper.
So, here’s where this is relevant to you. The dropper type of attack is a means to an end and anybody can fall for it. Commonly droppers are distributed as email attachments. The dropper itself is relatively harmless. If the email is well-crafted (spear phishing) and the recipient is uninformed, he might open the attachment and run it. In modern operating systems, you might have to verify and authorize the installation on several levels. Nevertheless, an uninformed target may willingly click through all warnings and requests for authorization, ultimately installing the dropper. The dropper will then attempt to install other malware silently.
This is where it got bad for Sony -- and this could happen to any company. A computer at Sony, likely a desktop or laptop computer, was hijacked and used as a proxy to obtain all sorts of sensitive data. Read the US-CERT article to get a sense of exactly how destructive this malware can be. The malicious hacker group obtained a huge number of files from Sony. The list of files along with instructions for obtaining specific files was distributed on the internet. One can go and find it right now if one wants to. Some journalists apparently took the extra step to obtain specific files and review them. Check out this Vox article.
A recent study gives a conservative estimate of $375 Billion in global losses resulting from cybercrime.
Jim Lewis estimates
Look, I don’t know what really happened in the case of Sony and I’m sure only a handful of people actually do know what happened. Regardless, this case highlights the importance of internal security and awareness.
- Keep your company informed of these threats, phishing scams, dropper scams
- Patch operating systems and network devices often
- Run regular scans and/or proactive endpoint protection, with products such as ThreatTrack Vipre anti-virus and Malwarebytes anti-malware
- Make security a priority and maintain a security mindset in your company
It may just be coincidence, but on the same day that US-CERT released the Targeted Destructive Malware Alert, a few other alerts/vulnerabilities were posted.
- FTC Releases "Package Delivery" Themed Scam Alert
- Identified in Network Time Protocol Daemon
- Cookie" Broadband Router Vulnerability
Perhaps some of them are related and were discovered as the result of the same investigation. In any case, the FTC “Package Delivery” scam alert is an important one for you. It’s a quick read which links to a more in-depth document about Recognizing and Avoiding Email Scams.
If you have the time, and you want to make security a priority in your company, please read this helpful document posted by US-CERT:
Read more about Amoeba Networks Security and Compliance services here:
"Thank you for reading!"