Sony-pocalypse -Sony hack exposes poor security practice

6 December 2014

In ‘Sony hack exposes poor security practices’ Warwick Ashford talks about the lessons learned from the latest Sony cyber attach.

‘According to the FBI, the malware comes wrapped in an executable “dropper” that installs itself as a Windows service.’

The big question is: How comes a dropper on my computer? And why could a dropper start itself as a service? Under normal conditions, administrative privileges are required to start a Service.

‘It also uses the command line of the Windows Management Interface (WMI) to spread to other computers on the network.’

This is definitely the most important information. If you are somewhat familiar with Windows computer networks you know, that you can install services on another computer in your network only, if you have administrative privileges on this computer.

In other word, this means that the attackers got access to a domain administrator account. Or a service account which is installed on all computers in the network, including the servers.

All this sounds like phishing and weak passwords, flavored with a missing concept for privileged account management. It’s always the same old story…

If you like to read more about the impressive technical details of the malware see this report on ars technica.

Lütetsburg Park, 53°35'55.0"N 7°15'39.5"E

Lütetsburg Park, 53°35’55.0″N 7°15’39.5″E

Have a good Weekend!

Advertisements

One thought on “Sony-pocalypse -Sony hack exposes poor security practice

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s