No laughing matter: Cyber attacks aimed at destruction (blog)

By Chad Hemenway on December 4, 2014

Is one person, in part because he does not have a sense of humor, powerful enough to throw one of the most recognizable worldwide brands into a cyber tizzy?

Allegedly, or reportedly—whichever suffices since Sony has remained mainly silent on the matter—North Korea is the prime suspect in a massive hacking of Sony Pictures Entertainment that has given the world five Sony films online for free on file-sharing websites. Three of the four movies have yet to be released.

Why?

Apparently/allegedly/reportedly, North Korean hackers were looking to get revenge for Sony’s backing of the movie, “The Interview”—a comedy starring Seth Rogen and James Franco about a CIA plot to assassinate North Korean leader Kim Jong Un.

The FBI, Department of Homeland Security and incident-response team Mandiant of FireEye are investigating the malicious software attack, which crippled Sony Pictures Entertainment’s computer system for at least a week—making computers useless—while destroying data and exposing business documents and personal information, including healthcare records, of thousands of employees. Compensation paid to Sony executives as well as movie stars has been posted to document-sharing sites. The information includes Social Security numbers.

Scripts for unaired TV shows are reportedly also among the documents stolen by a data-wiping virus capable of scrambling Sony’s presumed safeguards against this type of attack.

Employees were using paper and pen to conduct business as some of their inoperable computers were exchanged for new ones, reported Reuters. Paper and pen!

The FBI issued a “flash warning” to tell US companies that hackers have used data-wiping software in a cyber attack.

This could be the first successful attack to destroy data in the US.

This is particularly interesting to Matt Donovan, national underwriting leader for technology and privacy at Hiscox.

“They aren’t trying to hide,” Donovan said of the hackers. “It’s just an outright attempt to delete, destroy or overwrite. No one is trying to monetize something.”

In fact, it would appear the hackers here would have some decent content and personal information for extortion purposes, but that has not been the motive. Simply put, the intent appears to be to make Sony Pictures Entertainment’s life miserable—maybe hit it in the pocketbook; maybe embarrass it.

Donovan said data-asset insurance coverage, if part of the insurance plan, is not as frequently triggered as coverages related to a cyber attack for monetary gain. Data-asset coverage is triggered by a malicious attack resulting in a loss of data, as in what appears to be happening at Sony.

If this type of cyber attack is seen more often, underwriters “could see claims on that side of the cyber policy.”

Michael Chertoff, former secretary of US Homeland Security, told Bloomberg a handful of destructive malware attacks have occurred around the world and could become more common.

Not just disruption, but destruction. That is certainly not funny.

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].