Insight and analysis on the data center space from industry thought leaders.
The Sony Hack: A Bitter Multi-Motive Pill to C.H.E.W.
Cyber-attacks continue to grow dramatically in their virulence and when successful, these attacks can result in major, potentially irreparable damage, writes Carl Herberger of Radware.
December 23, 2014
Carl Herberger currently manages Radware’s security practice in the Americas. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations.
Have you ever been in a noisy room when suddenly an unbelievable new sound manages to silence all other sounds immediately? Well, that’s how 2014 is leaving the world of information security professionals - with a piercing sound that received everyone’s attention.
Already a watershed year for cyber security, we close out 2014 with a story of unparalleled scope in the high profile attack on the Sony Corporation. The attack reinforces much of what we have seen during the past 48 months: that cyber-attacks continue to grow dramatically in their virulence, and when successful, these attacks can result in major, potentially irreparable damage. It is far too early to know the long-term impact of this event on Sony. But when one considers the results of lost sales and reputational damage, it is not out of the realm of possibility that they never fully recover.
Who Was Behind it and What Were Their Motives?
So, naturally everyone wants to know who was behind this attack, and what their motives were. Every day, coverage of the attack brings a healthy mix of news, rumor and political rhetoric. At the time of writing, the U.S. government has issued statements confirming the involvement of North Korea, who in turn, has denied involvement.
Like any area of technology, information security has its own “acronym soup” that emerges as a language, of sorts, for practitioners and followers alike. In the case of the Sony hack and its motives, the acronym that comes to mind is C.H.E.W., popularized by Richard Clarke, former Special Advisor to the President of the United States on cyber security. Clarke outlined C.H.E.W. to categorize common cyber-attack motivation as follows:
Cyber Crime: an attack where the primary motive is financial gain
Hacktivism: attacks motivated by ideological differences. The primary focus of these attacks is not financial gain but rather to persuade or dissuade certain actions or voices
Espionage: an attack with the straightforward motive of gaining information on another organization in pursuit of political, financial, capitalistic, market share or some other form of leverage
Warfare: the notion of a nation-state or transnational threat to an adversary’s centers of power via a cyber-attack
One of the interesting aspects of the Sony attack is that it blends aspects of multiple motive categories. It has been well covered how many of the attacks in 2014 constituted “multi-vector” attacks, i.e., they leverage a variety of protocols and technology vulnerabilities to create a more complex detection and mitigation scenario for the target. What is also now clear, and on display in the Sony attack, is the emergence of “multi-motive” attacks … a blurring of lines across the C.H.E.W. principle.
Most would consider the Sony attack principally a hactivist-driven attack. North Korea’s statements about “The Interview” representing “an act of war” both prior to and following the attack make it clear that the film represented a serious collision of ideological views. So would this attack be considered an act of warfare? It’s likely that most wouldn’t call the attack itself an act of war, but the escalating dialogue between the U.S. and North Korean governments exhibit the increasing interrelation between cyber security events and broader elements of domestic policy.
Nobody is Immune in Today’s Complex Threat Landscape
A reality of today’s cyber-attacks that is highlighted by the attack on Sony is that no organization is immune. While Sony may have its various detractors, they wouldn’t generally fit the profile of organizations that in the past would be considered a high risk target. In particular, Sony Pictures as an organization focused on entertaining the masses wouldn’t have fit that profile. But the situation around the subject matter in the film goes to show how one man’s comedy can be another man’s (or in this case nation’s) declaration of war.
We recently launched our Global and Network Security Report that gives a broader range of industries and organizations of varied size that have become targets of cyber-attack. Part of the report shares a representative view of industries and their tendency toward more frequent attacks in what we refer to as the “Ring of Fire.” One of the more notable changes to this year’s Ring of Fire is the addition of the healthcare industry as one more commonly attacked than in past years. And perhaps no other healthcare organization’s situation highlights this better than the experience of the Boston Children’s Hospital, which became the target of a serious Distributed Denial of Service (DDoS) attack in 2014. Who would want to target such a seemingly altruistic organization you might ask? In this instance, the Boston Children’s Hospital found itself tangentially involved in a controversial child custody matter, providing necessary care to the child in question. The case highlights how organizations at the surface level would appear to be odd targets, but get pulled into broader hactivist activities.
It is clear that each year brings with it new challenges for IT and information security teams working to protect system and data availability and confidentiality. The DDoS attack on Boston Children’s Hospital and the breach that felled Sony, act as a stark reminder that no organization is immune and how effective a multi-motive attack can be. So effective, that several movie theaters became collateral damage by receiving threats of terrorism and physical violence if they were to show the film.
Regardless if “The Interview” is ultimately released on the silver screen or perhaps finds its way to the public via video on demand, one thing is clear: the threats are real and the challenges are complex. But the klaxon is sounding—and we must take meaningful action to prepare against emerging attack trends and techniques.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.
About the Author
You May Also Like