Thousands could launch Sony-style cyber attack, says ex-hacker
Ninety percent of companies are vulnerable to a crippling hack, experts tell “60 Minutes”
The chances of another company suffering the devastating effects of a cyber attack like the one perpetrated on Sony last year are not as remote as we would like to believe, security researchers say.
Given the current security levels for most companies, 90 percent of them would be vulnerable to such an attack, which destroyed 3,000 computers and released sensitive information and proprietary content, security experts tell “60 Minutes.” And there is no shortage of technically proficient people willing to launch such an attack, said Jon Miller, a former hacker who now serves as vice president of strategy at Cylance, an antivirus software maker.
“There are probably a couple thousand, three, four, five-thousand people that could do [the Sony] attack today,” Miller tells “60 Minutes”’ Steve Kroft in an interview airing Sunday evening on CBS television stations. “Not all of them are in friendly countries and the number is growing rapidly.”
The Sony hack is just one of many recent security breaches that have exposed huge caches of sensitive data belonging to individuals, corporations and governments — data that could enable further criminal activity or assist in government espionage. The tools to conduct such an attack are readily available from Russian hackers for about $30,000, Miller says.
“It truly, truly is the Wild West right now,” Miller said. “What we’re seeing are people getting pulled out onto the street and shot and it’s like ‘Where’s the Sheriff?’ There’s no sheriff.”
Complicating things for companies is the sheer number of computers that must be protected, usually from the employees operating them, said Kevin Mandia, chief operating officer of FireEye, the anti-malware company that worked with Sony to mitigate the effects of the hack.
“The advantage goes to the offense in cyber,” Mandia says. The defense must defend every computer, thousands in some cases, but “the offense side thinks, ‘I only need to break into one and I’m on the inside.’ … Nation-state threat actors, or hackers, target human weakness, not system weakness.”