News Stay informed about the latest enterprise technology news and product updates.

Report: Sony breach started with attack from Amazon EC2

An attacker rented space on Amazon’s EC2 service to wage cyber attacks on Sony Corp., according to a report.

Sony restarted its PlayStation Network and Qriocity services over the weekend and investigators have reportedly traced the attack to servers hosted on Amazon’s EC2 service.

Sony’s computer forensics team, which is investigating a massive data breach of its systems, believes the intruder rented space on Amazon’s cloud-based hosting service under a bogus name, according to a report from Bloomberg citing an anonymous source close to the investigation.

The attacker used the service as a platform to wield several attacks that crippled Sony Corp., and affected more than 100 million users of its gaming services. The breach is believed to be the largest data breach in the U.S. since the massive data breach at Heartland Payment Systems in 2009.

On Saturday, Sony partially restarted its PlayStation Network and Qriocity services, which were shut down since April 20, while the forensics team investigated the scope of the massive Sony breach.

The initial Sony breach exposed sensitive data on about 77 million Sony users. The company then discovered an outdated database from 2007, which included more than 12,000 non-U.S. credit and debit card numbers and 10,700 debit cards of users in Austria, Germany, the Netherlands and Spain.

The company has created the position of chief information security officer and implemented a number of steps to bolster security.

In a message to customers, the company said it added automated software monitoring and configuration management and bolstered encryption of passwords and other sensitive data. The company is also adding network security, boosting the number of firewalls and improving their effectiveness by ensuring they are configured properly. The company also said it added network monitoring technology that has the ability to detect software intrusions and network anomalies that could be suspicious activity.

Experts say the data security breach highlights the growing lack of awareness over the location of sensitive data at enterprises. Eric Holmquist, president of security consultancy Holmquist Advisory said it is critical for organizations to conduct data discovery on systems prior to implementing data security measures. Holmquist was interviewed recently for the Security Squad podcast.

“I’ve seen so many instances where people can evidence all the technology, all the procedures and all the policies and you say ‘great, where’s the data inventory?’ and you get blank stares,” Holmquist said. “It really is unfortunate that it often takes an event to get people to do things better.”

Harry Sverdlove, chief technology officer of Bit9 told Security Wire Weekly that the massive Sony breach is another wakeup call in a string of high profile data breaches of late. Sony was careless when it put credit card data on an unencrypted database that was easily accessible, he said. You have to know where your valuable assets are.

“From what we can tell there were some fairly obvious things Sony could have done to prevent this,” Sverdlove said. “It reinforces that if you want to have a secure posture, you don’t just look at your infrastructure, but you have to look at your assets.”

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.