Light Dark
December 2, 2014 By Shane Schick 2 min read

The first wave of the Sony Pictures hack sounded bad enough, with employees reportedly sent home from work and major systems rendered inaccessible. Now, several online reports suggest the company has been the victim of highly sophisticated malware and a major data theft.

It was reported last week that desktops at the entertainment giant’s offices were covered with an image of a red skeleton and a message from the so-called “Guardians of Peace.” The group said it had stolen data files from the company and was making threats about releasing them unless certain unspecified demands were met.

According to CNBC, the Sony Pictures hack may be getting even worse. Several of the studio’s films, including “Annie” and “Fury,” have been released online without authorization, sparking a wave of online piracy before some of the movies have even hit theaters for the all-important holiday season.

Meanwhile, the FBI has sent out an advisory to businesses about malware that may be linked to the Sony Pictures hack, ZDNet said, although neither authorities nor the company have confirmed it. The FBI document is described as a detailed analysis that suggests the malware can compromise hardware and entire networks with apparent ease.

Sony is by no means taking this attack lying down. According to Reuters, FireEye’s Mandiant unit is conducting a forensic analysis and cleaning up affected systems. Target, which was subject to a major data theft earlier this year, is among Mandiant’s other clients.

When cyberattacks take place, the fallout can include sensitive customer information entering the public domain and financial losses. In this case, there may also be damage to the firm’s corporate reputation. For example, The Daily Mail in the United Kingdom parsed some of the documents that were leaked online to show that its highest-paid executives are almost all white men.

In the long run, however, this could be just the tip of the iceberg. Budget information, passwords and other files are among the 11,000 gigabytes lost in the Sony Pictures hack, Network World said. Even personal IDs, such as passports of A-list celebrities, may be at risk.

For the moment, the company may be focused on simply getting its operations back to normal. The Verge said email systems were still offline in the wake of the attack, while media accounts for some of its films were continuing to be abused over the Thanksgiving weekend, according to the Washington Post.

 |  |  |  |  | 
Shane Schick
Writer & Editor

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature