Monday 29 December 2014

The Interview Makes £9.6 Million in Online Release

Controversial Sony film The Interview has become the number one online movie ever released by the studio just four days after its release on 24 December.
The film raked in over $15m (£9.6m) and was downloaded more than two million times as of 27 December.
The film, about a fictional American plot to kill North Korean leader Kim Jong-un, was initially halted from being released by the studio.
It angered North Korea and was behind a wide-scale cyber attack on the studio.
The hack from a group calling itself the Guardians of Peace led to the leaking of confidential information including upcoming movie scripts, confidential emails and actors' salaries.
The Interview saga
The Interview features James Franco and Seth Rogen as two journalists granted an audience with Mr Kim. The CIA then enlists the pair to assassinate him.
  • 22 November: Sony computer systems hacked, exposing embarrassing emails and personal details about stars
  • 7 December: North Korea denies accusations that it is behind the cyber-attack, but praises it as a "righteous deed"
  • 16 December: "Guardians of Peace" hacker group threatens 9/11-type attack on cinemas showing film; New York premiere cancelled
  • 17 December: Leading US cinema groups say they will not screen film; Sony cancels Christmas Day release
  • 19 December: FBI concludes North Korea orchestrated hack; President Obama calls Sony cancellation "a mistake"
  • 20 December: North Korea proposes joint inquiry with US into hacks, rejected by the US
  • 22 December: North Korea suffers a severe internet outage; US authorities decline to comment
  • 23 December: Sony bosses appear to change their minds, saying they will now give The Interview a limited Christmas Day release
  • 25 December: The Interview is shown in some US cinemas and released online
Cited and more on this story at BBC News

Thursday 18 December 2014

Sony Cancels The Interview Release Amid Threats

Sony Pictures has cancelled the planned US release on 25 December of the film The Interview, after major cinema chains decided not to screen it.
The film is about a fictional plot to kill North Korean leader Kim Jong-un.
Hackers have already carried out a cyber attack on Sony and warned the public to stay away from cinemas screening the film.
The US government said it was considering a "range of options" on how to respond to the attack.
"We know that criminals and foreign countries regularly seek to gain access to government and private sector networks - both in the United States and elsewhere," a National Security Council statement said, adding that the FBI was leading the investigation.
"We take very seriously any attempt to threaten or limit artists' freedom of speech or of expression."
The statement came after US media quoted anonymous officials as saying that the FBI had linked North Korea to the attacks.
Cited and more on this story at BBC News

Wednesday 17 December 2014

New York Premiere of Sony Film The Interview Cancelled

The New York premiere of The Interview, a comedy about the assassination of North Korea's president, has been cancelled amid threats from hackers.
A spokesman for the cinema chain due to host the screening said it had been shelved.
Hackers targeting Sony Pictures had threatened to attack US cinemas showing the studio's film.
They belong to the same group which has released emails and data stolen from Sony.
Calling themselves Guardians of Peace, the hackers mentioned the 9/11 attacks in a recent warning, claiming "the world will be full of fear".
"Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time," the hacker group wrote in a message on Tuesday.
"If your house is nearby, you'd better leave," they add. "Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment."
Cited and more on this story at BBC News

Employee Access to Confidential Data Too Great Says Ponemon

A new report from Ponemon Institute has revealed that businesses are struggling to apply the appropriate user privileges when it comes to corporate data, with over two-thirds (71 percent) of surveyed employees saying that they have too much access to confidential company data.
In a survey of 2,276 employees (1,166 IT pros and 1,110 end users) from organisations in the US, UK, France and Germany, 71 percent of end users said they had access to data they should not see, while more than half (54 percent) said that this access is either frequent or very frequent.
In addition, 80 percent of IT pros said that their firm doesn't have a strict least-privileges data model, and only 47 percent of end users said that their firms take appropriate steps to protect company data accessed by them. Conversely, some 43 percent say it can take weeks, months or even longer to get access to the data they need to do their jobs.
However, most worrying of all is arguably the finding that only one in five of both groups (22 percent) felt that their organisation placed a very high priority on protecting critical information.

Tuesday 16 December 2014

Sony Hackers Steal James Bond Script

Eon Productions, the producers behind the upcoming James Bond film 'Spectre', have confirmed that an 'early version' of the script has been stolen and leaked by the Guardians of Peace (GOP) hackers.


In a statement published on Saturday, the company said that an 'early version' of the screenplay had been stolen and made public by the same hackers who infiltrated the Sony Pictures Entertainment computer system.
These hackers go by the name of the Guardians of Peace (GOP) and are said to have leaked up to 100 terabytes of data so far, and five films (including the unreleased Annie), employee records, passwords and email exchanges.

Thursday 11 December 2014

Cyber Attack Could Cost Sony Studio $100 Million

Sony’s movie studio could face tens of millions of dollars in costs from the massive computer hack that hobbled its operations and exposed sensitive data, according to cybersecurity experts who have studied past breaches.
The tab will be less than the $171 million Sony estimated for the breach of its PlayStation Network in 2011 because it does not appear to involve customer data, the experts said.
Major costs for the attack by unidentified hackers include the investigation into what happened, computer repair or replacement, and steps to prevent a future attack. Lost productivity while operations were disrupted will add to the price tag.
The attack, believed to be the worst of its type on a company on U.S. soil, also hits Sony’s reputation for a perceived failure to safeguard information, said Jim Lewis, senior fellow at the Center for Strategic and International Studies.
“Usually, people get over it, but it does have a short-term effect,” said Lewis, who estimated costs for Sony could stretch to $100 million.
It typically takes at least six months after a breach to determine the full financial impact, Lewis said.
At this time Sony has declined to estimate costs, saying it was still assessing the impact.

Tuesday 9 December 2014

Lizard Squad Launches DDoS Attack on PlayStation Network


The PlayStation Network was down for two hours early Monday morning, according to Sony, which says that there are currently no signs of data loss.
Gamers trying to access the store at around 2 am GMT on Monday morning saw the message: “Page Not Found! It's not you. It's the internet's fault”.
Sony said on Twitter that it was “aware of the issues some users are experiencing, and are working to address them” but did not go into more detail on the issue.
Two hours later, Lizard Squad, which has of late been linked to numerous high-profile DDoS attacks on gaming platforms including Microsoft's Xbox Live and Call of Duty, as well as to a hoax bomb threat against a Sony executive back in August, tweeted: “PSN Login #offline #LizardSquad.” A follow-up update from the group included a link to a YouTube video mentioning the hack.
Access was restored later in the early hours of the morning. PlayStation tweeted: “If you had difficulties signing into PlayStation Network, give it a try now.”

Monday 8 December 2014

Judge Rules Banks Can Sue Target for 2013 Credit Card Hack

A District Court judge in Minnesota ruled that a group of banks can proceed to sue Target for negligence in the December 2013 breach that resulted in the theft of 40 million consumer credit card numbers as well as personal information on 70 million customers. The banks alleged that Target had “failed to heed warning signs” that would have stymied the banks' losses.
After the breach, multiple banks and consumers sued Target in Minnesota, where the company is headquartered.
The decision could lead to significant changes in the way the cost of fraud is distributed among parties in the credit card ecosystem. Where once banks and merchant acquirers would have to shoulder the burden of fraud, now, potentially, the order from Magnuson could pave the way for more card-issuing banks to sue merchants for not protecting their POS systems properly.
The New York Times reports that “The cost of replacing stolen cards from Target’s breach alone is roughly $400 million—and the Secret Service has estimated that some 1,000 American merchants may have suffered from similar attacks.” 
Target had purchased and installed a new security program from FireEye just months before the breach. 
“On or about November 30, 2013, the hackers installed exfiltration malware – a program that takes the stolen information and moves it from Target’s computer systems to the hackers’ computer systems after several days,” the complaint reads. “FireEye, Target’s new security software provider, detected that the hackers were uploading the malware and alerted Target’s security team about the suspicious activity. Target’s security team took no action.”

Sony's PlayStation Hit by Hack Attack

A hacker group has claimed responsibility for attacking Sony's online PlayStation store, which is down on Monday.
Visitors to the site are greeted with a message that says "Page Not Found! It's not you. It's the internet's fault".
A group called "Lizard Squad" has taken credit for the outage, posting "PSN Login #offline #LizardSquad" as their Twitter status.
The outage is the most recent in a series of attacks on tech giant Sony.
The Japanese firm's Hollywood film studios' corporate network was hacked into last month, followed by an online leak of unreleased movies, along with confidential information such as actors' salaries.
Sony Entertainment Network has responded by tweeting that they are aware of the issues that users are having in connecting to the PlayStation network.
"Thanks for your patience as we investigate," the company tweeted at about midnight GMT.
The disruption comes just days after the gaming console celebrated its 20th anniversary last week.

Friday 5 December 2014

London Gets New Funding to Improve Cyber-Resilience

The Mayor's Office for Policing and Crime (MOPAC) is to receive a share of US$100 million (£64 million) from the Rockefeller Foundation to improve its resilience against cyber-crime and other digital threats.
Announced today in Singapore by the Rockefeller Foundation, London became one of 35 new cities to join the already 60-strong network of global cities united in the fight against cyber-crime. There were some 330 global contenders for the additional funding. Winning cities also receive a package of support and resilience-building expertise from private and public sector organisations.
This support will include the appointment of a senior City Hall officer to lead the delivery of the programme, which will run alongside existing resilience plans and initiatives at various government agencies – including the Cabinet Office and the Metropolitan Police.

Tuesday 2 December 2014

Hackers Seek to Profit from Insider Information

Sophisticated cyber-thieves are attempting to cash in on stock markets' movements by stealing insider information, a security company says.
FireEye said the group had used a variety of tricks to access senior executives' email accounts.
And information and documents stolen via the compromised accounts had helped them predict stock movements.
The group had targeted more than 100 companies since it had begun operating in 2013, FireEye said. 
The Fin4 group stood out from other cybercrime gangs in its preference for stealing insider information from senior executives, lawyers, regulatory staff and internal risk assessors, FireEye said.
Fin4 had gone after such employees, because of their close involvement in business activities, such as mergers and acquisitions, that could influence a stock price when they became public.
More than two-thirds of the firms targeted by Fin4 had been healthcare and pharmaceutical firms, said FireEye.

Sony Hires Mandiant after Huge Cyber Attack

It's not been a great time for Sony over the last few years, and following the recent cyber attack on the firm it has now hired in specialists to examine how this happened and how to mitigate such attacks in the future.
More detail on the attack: Sony Pictures was hit by a blackmailing hacker attack which enabled the attackers to shut down the IT systems and hijack the Twitter accounts, whilst confidential documents and passwords were believed to have been stolen. It has also been suggested that 5 unreleased Sony-made films were leaked onto file-sharing websites. These titles include the Annie film, which isn't due for release until 19th December. Some speculation links the attack back to North Korea.
Sony has hired FireEye's Mandiant forensics team to clean up the damage from the recent cyber attack. 
How can we help your business combat challenges like this?
ZeroDayLab specializes in investigating large-scale intrusions performed by the most advanced threat groups. ZeroDayLab together with Mandiant uses the intelligence gathered during each investigation to improve our consultants’ ability to identify the actions of the attacker, the scope of the compromise, the data loss, the steps required to remove the attacker and the approach required to re-secure the network.
Contact hdoughty@zerodaylab.com for more information on how we can help or advise you.