Sony’s woes continue as web properties of Sony and its affiliates continue to succumb to attackers. The total body count thus far comes to at least 7, with the last few being Sony’s sites in Canada, Greece, and Thailand.
It would seem that the success of the initial attacks might have encouraged others to try their luck on other Sony web properties. The impetus for this might be that if Sony’s PlayStation Network can be that susceptible to an attack, some hackers might wonder what else might be up for grabs. It could very well be that Sony utilized the same approach to application development and thus suffers from the same Achilles’ heel elsewhere, or that they may not have a sufficient security practice in place to thwart attacks. Beyond this, another possible weakness that many organizations suffer as a consequence of doing business is that new improvements are oftentimes stacked on top of pre-existing older code, which can be like stacking new bricks on an old house over time, causing the older portion to fail under the stress and weight of the newer layers. This is further complicated by the fact that employees (i.e., developers) do flow in and out of an organization; so when developers leave, others who fill their place and assume responsibility for their code might not necessarily be aware of existing underlying issues or write code in a consistent or secure manner, which leaves room for weaknesses.
The scary truth is that at the end of the day, Sony is not unique in the issues they face. The same challenge exists for almost every company out there, for the reasons above.
Mykonos Software’s Chief architect discusses the Sony PlayStation hack with PC World.
In recent news, Fox.com was successfully hacked and compromised. The group Lulz Security have claimed credit for the attack.
As a consequence of the attack on Fox.com, more than 250,000 X-Factor potential contestants may have had their personal information compromised. Additionally, as many as 300 Fox Broadcasting employees have fallen victim. Lulz Security have begun releasing the emails and passwords of those employees, and have indicated that they will keep leaking the compromised data every Monday.
A second Sony site was shut down earlier this week, after the company noticed that it was breached. Sony maintains that this is part of the original April attack.
Regardless of whether this is the same attack or not, the consequence is clear. Inadequately secured web apps and sites can be extremely costly to companies from both a financial and a legal perspective.
Thus far, according to the Wall Street Journal, Sony has disclosed that 77 million accounts have been affected in the original April attack. In the latest breached site, discovered in May, another 24.6 million accounts were compromised. This brings the total to 100 million customer accounts. Embarrassment is the least of Sony’s worries, as it’s been reported that a suit is being filed against the company by its customers.
Sony should serve as a lesson to many of the importance of securing one’s website from attacks. As the saying goes, “the best defense is a good offense,” which in our opinion underscores the importance of being able to detect and prevent attacks before they happen and not after.