The recent hack against Sony Pictures Entertainment offers companies a lesson on the value of protecting against data loss.
Earlier this week, the FBI issued a “flash” alert on the malware behind a breach that thus far has not only leaked five unreleased motion pictures onto the Internet but also may have resulted in the theft of sensitive employee data, including salary figures and healthcare plans.
The malware is known as a “wiper” because it destroys all data stored on the Windows computers it infects. It also spreads itself over network files to attack Windows servers.
Like most other types observed in the wild, this piece of malware comes wrapped in an executable “dropper” and listens on TCP/IP port 80. What’s unique is its Windows executable, “igfxtrayex.exe,” which makes four copies of itself using different command lines and issues commands to shut down the Microsoft Exchange Information Store service.
At that point, the malware tries to connect to the attackers’ C&C network before incrementally deleting all data from the affected systems.
Some researchers are already beginning to publish their findings on the malware, but information is still forthcoming.
Wiper malware is rarely used to attack businesses based in the United States because it renders infected computers useless rather than allowing hackers to conduct surveillance and steal information.
The motivations of the attackers are beyond the point for many security professionals, who feel that the industry should instead be focusing on trying to understand the attack and how companies should protect against it.
With an emphasis on risk management, it is recommended that businesses implement segmented networks to isolate important data stored in their networks and back up data frequently.
In the meantime, businesses can also use the malware’s file structure provided in the FBI’s flash alert to help detect any potential intrusions.
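As an added illustration (not taken from the FBI alert or from any vendor's tooling), the behaviour described above can be turned into a simple hunt over process-creation records: the “igfxtrayex.exe” image, four or more distinct command lines for it on one host, and a stop of the Exchange Information Store close in time. The record layout, host names, `<arg-N>` placeholders, the `MSExchangeIS` service short name and the ten-minute window are assumptions made for this sketch.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WIPER_IMAGE = "igfxtrayex.exe"            # executable name given in the article
STORE_NAMES = ("msexchangeis",            # assumed: service short name
               "microsoft exchange information store")
MIN_COMMAND_LINES = 4                     # "four copies ... different command lines"
WINDOW = timedelta(minutes=10)            # assumed correlation window

# Constructed process-creation records: (host, ISO time, image, command line).
# <arg-N> are placeholders; the real switches are not given in the article.
SAMPLE_EVENTS = [
    ("WS-014", "2000-01-01T09:00:01", "igfxtrayex.exe", "igfxtrayex.exe"),
    ("WS-014", "2000-01-01T09:00:03", "igfxtrayex.exe", "igfxtrayex.exe <arg-1>"),
    ("WS-014", "2000-01-01T09:00:03", "IGFXTRAYEX.EXE", "igfxtrayex.exe <arg-2>"),
    ("WS-014", "2000-01-01T09:00:04", "igfxtrayex.exe", "igfxtrayex.exe <arg-3>"),
    ("WS-014", "2000-01-01T09:00:09", "net.exe", "net stop MSExchangeIS /y"),
    ("MAIL-01", "2000-01-01T02:00:00", "net.exe", "net stop MSExchangeIS"),  # maintenance
    ("WS-020", "2000-01-01T11:30:00", "igfxtrayex.exe", "igfxtrayex.exe"),
    ("WS-020", "2000-01-01T11:45:00", "igfxtrayex.exe", "IGFXTRAYEX.EXE"),   # same line, other case
]

def find_suspect_hosts(events):
    """Map each host that ran WIPER_IMAGE to the list of behaviours observed."""
    launches = defaultdict(dict)   # host -> {normalised command line: first seen}
    stops = defaultdict(list)      # host -> times an Information Store stop was issued
    for host, ts, image, cmdline in events:
        when = datetime.fromisoformat(ts)
        line = " ".join(cmdline.lower().split())
        if image.lower() == WIPER_IMAGE:
            launches[host].setdefault(line, when)
        elif " stop " in f" {line} " and any(n in line for n in STORE_NAMES):
            stops[host].append(when)
    findings = {}
    for host, lines in launches.items():
        reasons = ["image-seen"]
        if len(lines) >= MIN_COMMAND_LINES:
            reasons.append("four-command-lines")
        if any(abs(s - t) <= WINDOW for s in stops[host] for t in lines.values()):
            reasons.append("exchange-store-stop")
        findings[host] = reasons
    return findings

if __name__ == "__main__":
    for host, reasons in sorted(find_suspect_hosts(SAMPLE_EVENTS).items()):
        print(host, ", ".join(reasons))
```

A service stop on its own (the constructed `MAIL-01` maintenance record) is not reported; it only counts when it occurs near a launch of the named executable on the same host.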
“InfoSec teams need to be highly engaged with the groups that put these plans and resources together,” says Rick Holland, principal security analyst at Forrester Research. Going forward, Holland added he hopes that this incident will help companies realize the importance of early breach detection and disaster recovery plans.