Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The Sony breach may be start of new nation-state cyberattack

Patrick Thibodeau | Dec. 19, 2014
Sony attack was unusually sophisticated, ruthless.


It has been an exceptional year for IT security breaches, which have become part of an escalating trend in destructive attacks. And they're going to get worse.

The Sony Pictures cyber attackers are doing everything they can to inflict damage on the company. They have released films, emails, medical records, and all sorts of confidential data, and are making threats of physical attacks in conjunction with the release of The Interview, a comedy about the attempted assassination of the North Korean president. On Wednesday, Sony canceled the Dec. 25 release of the movie after theater chains said they would not show the film because of the threats.

The Sony breach has the earmarks of a nation-state operation because of its sophistication and ruthlessness, and on Wednesday, U.S security officials told the New York Times  they had concluded that North Korea was behind the Sony cyberattacks.

There is also serious speculation that the October attack on JP Morgan Chase, which compromised some 76 million records, was also orchestrated by a nation-state -- possibly a retaliatory move by Russia over Ukraine sanctions. In 2013, the Iranians were blamed for denial-of-service attacks on U.S. banks.

The sources of the JP Morgan and Sony attacks have not been officially confirmed, but Avivah Litan, a security analyst at Gartner, is convinced that what we are seeing is a new type of nation-state attack.

For years, the Eastern Europeans and Russians have been going after point-of-sale systems and credit card processors, and the Chinese have been involved in espionage against private sector firms, Litan said.

"But the big new thing is the nation states," she said. Russia, North Korea and China "are going after private sector companies in a very public way."

Litan said this trend of nation-state attacks will escalate.

"More political differences will be fought in cyberspace, and nation-states will retaliate against U.S. companies to make political points," Litan said.

"Private sector companies are not equipped to deal with the force of the nation states," she said. "They don't have the resources to fight them off. It's a national security issue, and there needs to be a national strategy to try to stop it. "It's really pretty serious," she said.

Litan described what's going on as warfare, and if that's the case, there's evidence that businesses are trying to put their IT security on a war footing.

For example, jobs in cybersecurity are growing. Dice, a technology employment site, said ads for jobs in cybersecurity were the fastest growing in the IT field this month. Compared with December of last year, cybersecurity job ads have increased 77%, from 1,606 to 2,842 as of Dec. 14.


1  2  Next Page 

Sign up for Computerworld eNewsletters.