Sony Advises Customers on Possible Spear-Phishing Attacks

Over the last few months, electronic giant Sony has been in the news for repeated security and data breach incidents. The recent cyber-attack by Lulz Sec resulted in security breach at Sony Pictures Entertainment. Attackers were successful in gaining access to confidential customer information. According to Sony, the security breach resulted in the disclosure of information pertaining to around 37,500 customers, as against 1 million claimed by cyber-attack group Lulz Sec. The compromised information includes personally identifiable information such as names, addresses, gender, e-mail addresses, contact numbers, dates of births, and log in credentials of user accounts. The company has issued notification letters and has alerted customers of spear-phishing attacks. Cyber-attackers may launch target-based attacks to extract further sensitive information such as social security numbers, credit card numbers, and other financial information pertaining to the affected customers. In case of spear-phishing, the e-mails appear to come from a familiar or legitimate source tricking users to reveal confidential data. In this case, attackers may send e-mails, which may appear to come from Sony Pictures Entertainment. In the recent times, attacks have become more sophisticated making it difficult for non-technical users to doubt the authenticity of the e-mail.

The company has hired external IT security and computer forensic professionals to investigate the incident. Security professionals are trying to restore the full features of the website of Sony Pictures Entertainment. The company has also notified Federal Bureau of Investigation (FBI) regarding the security and data breach incident. The company has advised users to change their passwords, after the restoration of the website. Individuals using the same password for other online accounts, must immediately change the same to prevent unauthorized access by cybercriminals.

Usually, Cyber-attackers exploit security flaws such as SQL injection vulnerabilities to gain unauthorized access to associated customer databases. Attackers may alter, delete and extract data from the accessed files. Regular assessment of the IT infrastructure and security scenario by professionals qualified in penetration testing, and IT masters degree may help organizations in identifying security vulnerabilities and initiating mitigating measures.

IT professionals may leverage online technology degree programs to understand and implement new technologies to strengthen the information security infrastructure. Timely detection of threats would ensure protection of privileged customer and business information.

Cybercriminals are increasingly making use of social engineering to gather sensitive information from employees. Fraudsters then use the collected information to launch sophisticated attacks on computer networks. E-learning and online computer degree programs may help improve security awareness and enable employees to thwart social engineering attacks.