
High-profile hacking (Sony etc) so prominent?


Why is high-profile hacking (Sony etc) so much more prominent now than it was years ago? Years ago computer security was but a fraction of what it is today, so surely it should be at an all-time low?

 

When Taylor Swift's Twitter was hacked, did that mean someone had literally guessed her password or had they compressed Twitter's security?

Edited by StormerBoy

It's more prominent because the world is so much more interconnected. I don't think it's much more prominent or prolific than it has been in the past, or that the targets are any bigger- just that it's now in the mainstream what with celebrities and the like being targeted. "Security" is a relative concept.

 

Most Twitter hacks are social engineering. Sometimes it's a guessed password, but usually people employ multi-factor authentication. So instead people target the humans who work customer support at Twitter and trick them into divulging information about other people's accounts.

Well, not quite.

 

Compromising a single host is as easy as convincing someone to execute a malicious email attachment. But that's the really, really easy bit. The hard bit is moving undetected through their network, harvesting credentials to allow you to escalate access and connect in using legitimate services like VPN systems or RDP without relying on noisy malware, understanding the network topology to the point you can actually access the data you want, get it, exfiltrating it without being detected and cleaning up afterwards.

This is true, but I'm fairly certain only a small percentage of attackers have or need that specific knowledge, most of the hard work is done with various rootkits through time

Edited by dice

It isn't. You might get lucky and find an accessible database vulnerable to SQL injection and acquire data that way, but the overwhelming majority of large-scale targeted compromises involve establishing persistence, lateral movement and AoE.

 

A rootkit is simply a persistence mechanism to maintain access on a single host by manipulating the operating system to hide the presence of malware.

My point was people aren't exactly writing their own malware for their specific attacks, but rather use the tools available to them either because the appropriate tools already exist or they lack the knowledge to pull it off. Europol believes only around 100 people are capable of writing such code.

The kingpins aren't the people who write the malware. They're the leaders of the organised gangs who pay for it to be produced, distribute it, run the associated botnets and bulletproof hosting.

 

People capable of writing reasonably advanced malware aren't exactly common, but there are many, many more of them than 100. It's a bit of a moot point anyway seeing as the builders for many different kinds of malware are freely available on the internet. Poison Ivy, which has been used in targeted attacks conducted by the Chinese against the US defence industry for about 10 years now, can simply be downloaded from its official website.

 

Some particularly advanced groups write their own malware when they have a specific requirement in mind- like ensuring the minimum noise possible, or capabilities like stealthy DNS data exfiltration. Most have access to either off-the-shelf tools, or to existing malware families commonly sold on the black market; sometimes they'll modify them, particularly in the case of targeted attacks, but often they won't. Malware-as-a-service is a really big problem.

Simply because technology is never going to be safe from sh*t like this. And considering technology is getting better, in a way it's getting more prone to risks and open to attacks as technology over time gets more familiar to people. And clever people, regardless if they are criminals or the opposite, will find ways to dominate technology for various reasons. I think Sony gets hacked time to time because sometimes, the security measures need to be pushed to a certain limit to see how much protection is offered and it can help improve the service, but usually the other motive is simply criminal methods and or trolls messing about.

Sony got hacked because they have sh*t OpSec and therefore represent low-hanging fruit. They get hit on an alarmingly regular basis because they're astonishingly crap at maintaining the security and integrity of their networks.

Which is why I said that their security needs to be pushed to the limit. Because clearly, either they are f*cking stupid or just don't have the damn talent to get their sh*t fixed. I'd rather see them constantly get hacked, take a while to do maintenance and actually do a meeting so they can fix the lack of security. Considering they have money problems on the whole, maybe they might actually do something once they sell all the divisions that are absolutely useless to them coz it ain't going to be cheap to tighten the security up significantly.

Edited by MyName'sJeff

You say that but the actual estimated cost of the last hack was surprisingly low- only $15m or so. But given various parts of them have been done by hacktivists, advanced attackers and this time North Korea if you believe the FBI, the Russians if you believe some people in the infosec community and insiders if you believe the rest, yeah they really need to get a handle on it.
