It would be hard to escape the hacks in recent months on many leading government bodies and entertainment corporations. It all started with Sony some time ago, in what has been classed as one of the biggest intrusions in history.
Analysis which has been supported by the US Department of Homeland Security highlights that many of the attacks in the last year could easily have been avoided with some precautions. Hackers took advantage of well known software flaws to launch their attacks.
This analysis was handled by Mitre, the US Federal contract research laboratory. Their analysis shows that Lulzsec and Anonymous were able to use SQL injection attacks to breach Sony Pictures, HBGary Federal and PBS. This flaw lets outsiders with significant skill to get access to protected databases. The analysis shows that these flaws can be fixed with very low costing.
This report has verified the claims made earlier from independent groups. They have all said that flawed programming, software weaknesses have left huge holes within company networks. They are not that difficult to find with hackers using the right scanning and software tools. Reports have been made that when new code is implemented into a company network, that it should be analysed for weaknesses, then patched as soon as possible. It would appear that Sony were running some of their network for quite some time with gaping vulnerabilities. It is only after they are attacked and when an analysis firm is brought in to find out ‘what went wrong’, then the issues are fixed. But he damage is already done by then.
The attacks by Lulzsec and Anonymous in recent months have meant that many high profile companies have changed their security measures and top firms have been brought in to file reports and suggest network improvements. Mitre have a list of 25 top flaws which they use to help companies tighten security.
Kitguru says: Are Sony safe now?