Questions remain after FBI charges North Korea with attack on Sony Pictures

FBI says that DPRK was responsible, but the evidence is questionable

1 2 Page 2
Page 2 of 2

Adam Kujawa, head of Malware Intelligence at Malwarebytes:

"This evidence does point fingers at North Korea but once again, anything can be faked on the Cyber Front. Until there is additional confirmation by NK and/or more intelligence released by the U.S. government, public opinion should remain neutral.

"Although, the evidence supplied by the FBI currently is compelling enough and based on historical data acquired during confirmed North Korean tactics. The big question here is, what we know about NK is that they like to brag when they do something, yet they have announced, not only to the world but also to their own information-censored country that they didn’t do anything.

"There are other factors that don’t quite add up, for example it wasn’t until after the news started reporting that NK might be behind the attack and it was all started because of “The Interview” that the GOP attackers started claiming it was what they were after. Until we know all the facts, and I seriously doubt we will ever know them all, making quick assumptions and jumping the gun is ill advised. Once again, it’s completely possible to fake your identity on the internet and even more so to point the finger at someone else."

John French, AppRiver:

"I don’t find it surprising that malware could have been on Sony Picture’s network for months and went undetected. Apparently, the malware was customized for the attack, meaning that if the malware went initially under the radar when it was introduced into the network, it would be unlikely to suddenly get detected since shutting down anti-virus is usually the first step in malware.

"There are other ways to look for malware infections such as network anomalies but the difficulty in catching malware after a successful infection increases significantly on such a large network. This is where sharing malware with the security community could help other vendors catch up and make sure they are blocking it. Even if they don’t want to release it publicly it may be worth sharing with major AV companies to help prevent further infections."

Secretary Johnson, DHS:

"The cyber attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life.

"This event underscores the importance of good cybersecurity practices to rapidly detect cyber intrusions and promote resilience throughout all of our networks. Every CEO should take this opportunity to assess their company’s cybersecurity. Every business in this country should seek to employ best practices in cybersecurity."

Copyright © 2014 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 hot cybersecurity trends (and 2 going cold)