The Federal Bureau of Investigation (FBI) issued an alert to U.S. companies on Monday warning them of malicious software following the recent large-scale network disruption at Sony Pictures Entertainment.
According to Reuters, the five-page confidential alert included details of how Sony’s attack was successfully carried out, as well as advice on how to respond to a similar incident.
Reuters reported the notice stated, “The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods.”
Compromised systems in Sony’s California-based network displayed an ominous message last week reading “Hacked by #GOP” along with a request to meet the attacker’s demands or the confidential files would be leaked. As a result, Sony employees were instructed to avoid connecting to the corporate network or checking email.
A Sony spokesperson confirmed to Reuters the company has since “restored a number of important services.”
Independent journalist Brian Krebs reported the network intrusion potentially involved the theft of more than 25 gigabytes of sensitive data on tens of thousands of current and former Sony employees, such as social security numbers, salaries and healthcare information.
Krebs also noted several files have been traded on torrent networks, including an internal audit report and dozens of employee federal tax records.
The warning to security staff at various U.S. companies comes as Sony’s attack continues to be investigated with the perpetrators still unknown, although unconfirmed allegations connecting the incident to North Korea have repeatedly surfaced.
Tripwire’s Director of IT Risk and Security Strategy Tim Erlin commented, “It’s been demonstrated over and over again that a lack of basic security controls is to blame for many successful attacks.”
“Cybercriminals might start with a vulnerable Sony system on the Internet, or with a simple misconfiguration of a Sony server, and then use this foothold to expand their reach into other parts of Sony’s network,” said Erlin.
“The industry has also seen other avenues of attack over the last year. A third-party supplier, with access to the Sony network, may have been the initial victim, as happened with Target.”