Sony Hackers Used a Half-Dozen Recycled Cyber-Weapons

Photographer: Kyoshi Ota/Bloomberg

The cyber attack that turned Sony’s movie studio upside down relied heavily on old software and schemes, according to research from an Israeli cybersecurity company.

Most hackers reuse at least one component from malware that’s been deployed in the past, but the Sony intrusion relied on at least six known pieces of software, says CyActive, a digital security company based in Beersheba. These components have been used in attacks on South Korean banks and a Saudi Arabian oil company dating back to 2012.

Inventing new kinds of cyber-weapons is expensive, which is why hackers often recycle and take the risk of getting detected. Many corporate and government systems contain holes and can misidentify components of old viruses, failing to stop a new attack. Since last year, an estimated 450 financial institutions have been targeted by a breed of attack allowing hackers to remotely access computers. For those offenses, attackers reused four previously known software components.

Some hackers have been more shameless about borrowing from past heists. Last holiday season, Target was the victim of the biggest retail hack in U.S. history. Attackers relied on eight reused components for that assault, and a similar scheme hit Home Depot this year, CyActive says. Governments are still getting swindled by variations of an attack that first hit the U.S. Defense Department six years ago. It reuses a dozen components from known hacks. One of the targets this year was the Ukraine prime minister’s office, where dozens of computers had been infected, according to the Financial Times.

The effectiveness of reusing computer code from old attacks spotlights the need for corporate defenders to change their tactics and stay a step ahead of the bad guys, says CyActive. "Sony will not be the last," says Gadi Tirosh, a general partner at Jerusalem Venture Partners, a CyActive investor. Sony didn't respond to a request for comment.

CyActive released research this week detailing the extent to which the Sony hackers based their attack on old viruses. Research published earlier this month from Kaspersky Labs in Moscow linked the assault to one that targeted the oil company Saudi Aramco in 2012. Sony first learned about the theft of its data last year after hackers bypassed defenses the Japanese company added in response to its last major breach in 2011, Bloomberg News reported.

While the Sony hack didn’t expose state secrets or threaten an energy company, it inflicted significant damage to the company’s bottom line and its reputation. The hackers, who the U.S. says are linked to the North Korean government, successfully pressured Sony and theater companies to halt the planned Dec. 25 release of “The Interview,” which makes fun of the country and its leader, Kim Jong Un.
