Malware Used To Wipe Sony's Drives Was Quick And Dirty



It's still not clear (and it may never be discovered) how the Democratic People's Republic of Korea (DPRK, North Korea) hackers got in. Perhaps they used every available threat vector, since Sony's security was so lax: misconfigured servers, software vulnerabilities, and social-engineering spear-phishing emails to employees.
But CERT said: "Cyber threat actors are using an SMB worm to conduct cyber exploitation activities. This tool contains five components – a listening implant, lightweight backdoor, proxy tool, destructive hard drive tool, and destructive target cleaning tool."
Quick And Dirty
However, when security researchers at Cisco analyzed a malware sample whose MD5 hash matched one of those published for the attack, they found code that was full of bugs and anything but sophisticated. They compared it to the software equivalent of a crude pipe bomb.
Put next to other state-sponsored malware, "It's a night-and-day difference in quality," said Craig Williams, senior technical leader for Cisco's Security Group, in an interview with Ars Technica. "The code is simplistic, not very complex, and not very obfuscated."
Heck, it does not take a lot to wipe a disk. Remember the old DOS "FORMAT C:" command? A destructive tool needs even less than that: a raw write that overwrites the first sectors of the drive, master boot record included, leaves the machine unbootable and the data unrecoverable in a handful of lines of code. No exploit and no cleverness is required once the attacker already has administrator rights on the box. The CERT details are in Alert (TA14-353A) Targeted Destructive Malware.
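To make the "quick and dirty" point concrete, here is an added example (not code from the page, from Cisco, or from the CERT alert) that works on an in-memory disk image rather than a real device. It builds a constructed, minimal MBR, shows that the entire logic of a first-sector wiper is one slice assignment, and includes the triage check an incident responder would run against a captured image to tell "wiped", "damaged", and "intact" apart. The MBR layout used (446 bytes of boot code, four 16-byte partition entries, 0x55AA signature) is the standard one; the partition values are made up for the demo.

```python
"""Why a disk wiper needs almost no code, and how a responder spots the damage.

Added example: everything here operates on a bytearray 'disk image',
never on a block device. The sample MBR is constructed test data.
"""
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"
PART_ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Construct a minimal, valid-looking MBR (constructed test data, not a real image)."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * 443          # stub padded to 446 bytes
    # One bootable NTFS (0x07) partition starting at LBA 2048, 2048 sectors long.
    entry = struct.pack(PART_ENTRY, 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 2048)
    table = entry + b"\x00" * (16 * 3)                    # three empty entries
    mbr = boot_code + table + MBR_SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


def make_sample_image(total_sectors: int = 4096) -> bytearray:
    """A small 'disk': the sample MBR followed by zeroed sectors."""
    return bytearray(build_sample_mbr()) + bytearray(SECTOR * (total_sectors - 1))


def wipe_first_sectors(image: bytearray, sectors: int = 64, pattern: bytes = b"\x00") -> None:
    """The whole 'destructive hard drive tool' logic: overwrite the start of the disk in place.

    With raw write access to the device this is all a wiper has to do; the MBR,
    partition table and filesystem boot sectors go with the first few sectors.
    """
    n = min(len(image), sectors * SECTOR)
    image[:n] = (pattern * (n // len(pattern) + 1))[:n]


def parse_mbr(sector0: bytes) -> dict:
    """Responder's view of sector 0: signature, non-empty partition entries, all-zero check."""
    if len(sector0) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            PART_ENTRY, sector0[off:off + 16])
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector0[510:512] == MBR_SIGNATURE,
        "partitions": parts,
        "all_zero": not any(sector0[:SECTOR]),
    }


def triage(image: bytes) -> str:
    """One-line verdict on a disk image's first sector, for use on a forensic copy."""
    info = parse_mbr(image)
    if info["all_zero"]:
        return "wiped: first sector is all zeros"
    if not info["signature_ok"]:
        return "damaged: missing 0x55AA boot signature"
    if not info["partitions"]:
        return "suspicious: valid signature but empty partition table"
    first = info["partitions"][0]
    return f"intact: {len(info['partitions'])} partition(s), first at LBA {first['lba_start']}"


if __name__ == "__main__":
    img = make_sample_image()
    print("before:", triage(img))
    wipe_first_sectors(img)              # zero-fill, as a crude wiper would
    print("after: ", triage(img))
    img = make_sample_image()
    wipe_first_sectors(img, sectors=1, pattern=b"\xde\xad")   # junk-fill variant
    print("junk:  ", triage(img))
```

On a real incident the responder runs `triage` against the first 512 bytes of a write-blocked image (for example `open(path, "rb").read(512)`), not against the live disk; the parser only needs sector 0, so the rest of the image is never touched.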
To start with, at least you can do something about social engineering right away: the brand new, updated Kevin Mitnick Security Awareness Training 2015. Find out how affordable this is for your organization and get a quote now.