Sony discloses information on its data breach.
By Tim Nodar, CyberWire senior staff writer
Oct 5, 2023

Sony's data breach was related to exploitation of a MOVEit vulnerability

Sony discloses information on its data breach.

Sony has confirmed a data breach that exposed the personal information of the company’s employees and their family members, BleepingComputer reports

The incident involved exploitation of a MOVEit vulnerability.

A threat actor exploited a vulnerability in Progress Software’s MOVEit Transfer platform to steal the data several days before Progress disclosed the flaw in May 2023. Sony stated, “On June 2, 2023, [Sony Interactive Entertainment] discovered the unauthorized downloads, immediately took the platform offline and remediated the vulnerability. An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement.”

The Clop ransomware gang, which exploited the MOVEit flaw to launch widespread attacks earlier this year, added Sony to its list of victims in June.

Experts expect more MOVEit-related disclosures.

Dr. Martin J. Kraemer, a security awareness advocate at KnowBe4, commented, “I don't think we have seen the end of MOVEit disclosures yet at all, nor will we any time soon. This will be a gift that keeps on giving, as attackers - like the Clop gang - seized the opportunity to smash and grab as much as possible, as quickly as possible. They will keep sifting through their plunder and keep releasing information on the dark web as suits their goals.”

Cl0p can be expected to continue its supply chain attacks, Kraemer said.“The Clop gang is known to attack supply chains as has happened with MOVEit. The incident serves as a timely reminder to keep close tabs on all software (and hardware) supply chains. With the introduction of new regulations, e.g., NIS-2 in Europe, companies must strive to secure their supply chains. With NIS-2 there even is an element of personal liability of executives for cybersecurity incidents. It is about time organizations took action.”

And he draws a lesson from this and related incidents: secure software development is vital. “The fact that all of this starts with a SQL injection attack illustrates that vendors must invest in a secure software development life cycle. This has also been highlighted in the recent IBM cost of a data breach report. Security by design must become the ‘bread and butter’ of any developer - and luckily, it is part of almost all software engineering training these days.”

(Added, 7:45 PM ET, October 5th, 2023.) Sally Vincent, Senior Threat Research Engineer at LogRhythm, offered some advice on how to respond to an incident like Cl0p's attack on Sony. "To mitigate the risk of data breaches, it is essential to adopt a strong cybersecurity posture which includes incident and response plans, and preemptive identification of malicious cyber activity. Investing in proactive prevention and detection tools will help repel any further breach attempts by threat actors and allow comprehensive visibility across the network landscape. Additionally, organizations should conduct regular data backups, prioritize educational trainings, and formulate response protocols. Although these steps will not ensure the prevention of data breaches, they will allow for aid in future responses to cyberattacks."