Just months after Sony’s PlayStation Network (PSN) was forced offline by a cyber attack, Sony Pictures Entertainment’s systems were shut down – because of another cyber attack.
On Monday, Sony “reportedly shut down its computer network as a precaution and advised employees that resolving the situation could take anywhere from one day to three weeks” according to the BBC.
A Reddit poster said that every computer at Sony Pictures displayed an image of a skeleton, and the message: “Hacked By #GOP”. (GOP in this instance is a hacking group called Guardians of Peace.)
The message continued:
”We’ve already warned you, and this is just a beginning.
We continue till our request be met.
We’ve obtained all your internal data including your secrets.
If you don’t obey us, we’ll release data shown below to the world.”
Geek.com reports that “the hackers made off with huge haul of internal documents” and that “#GOP has already leaked a large ZIP file containing two massive lists detailing the extent of the doxxing. Most of what’s inside appears to be from the Sony Pictures finance department, including the stuff of IT guy nightmares: Excel sheets and ZIP files that appear to be full of passwords. There’s even a text file that helpfully lists the last 10 recently used passwords for something at Sony.”
Sony has issued a statement, saying it is investigating.
Protecting your network
ISO 27001 is the international standard that describes best practice for an information security management system (ISMS). An ISO 27001-compliant ISMS provides an enterprise-wide approach to information security, encompassing people, process and technology.
ISO 27001 is a heavily dependent on documentation, which is why we have created the ISO 27001 Documentation Toolkits. These toolkits contain documentation templates that will help you implement ISO 27001 faster and more effectively.