Sony Pictures hack used easily available malware, destroyed computers

A '60 Minutes' interview Sunday revealed that not only did Sony Pictures fall victim to well-known, off-the-shelf malware, but that the attackers also destroyed thousands of computers and servers after stealing the data.

Last year's epic Sony Pictures Entertainment Inc. hack used well-known malware readily available on the black market and destroyed thousands of computers and servers, according to a new report.

In a television segment aired Sunday on CBS, 60 Minutes confirmed previous reports that the Sony Pictures attackers made off with the company's business secrets, unreleased movies, unfinished scripts and personal records.

However, in a surprising new revelation, after stealing the data, the attackers effectively destroyed more than 3,000 of Sony Pictures' computers and 800 of its servers.  

"For lack of a better analogy, the wiping's the grand finale," Kevin Mandia, chief operating officer of cybersecurity vendor FireEye Inc., told 60 Minutes in his first interview about the Sony Pictures hack. Mandia, whose former cybersecurity investigations company Mandiant was acquired by FireEye last year, leads the group hired by Sony to manage the response to the attack.

"That's the infamous, 'We ran into the house, we took what we wanted, and then we left the detonation charge behind us,'" Mandia added. "And then that detonation charge goes off, you're not going back to the house anymore."

The 60 Minutes report didn't specify exactly how the machines were disabled. However, Mike Oppenheim, senior threat intelligence analyst at FireEye, said that the malware in question overwrote the master boot record of the affected systems, which rendered them inoperable.

The attackers managed to do all this with malware that was two years old and had been used before in an attack on South Korea in 2013, according to Mandia, whose firm helped the U.S. government tie the Sony Pictures hack to North Korea.

In addition, 60 Minutes reported that the malware is still available and can be bought on black markets on the "dark Web."

Jon Miller, vice president of strategy at antivirus vendor Cylance Inc. in Irvine, Calif., told 60 Minutes he was contacted by a hacker in Russia offering exploits and malware similar to the ones used in the Sony Pictures hack for less than $40,000.

"And that really is the scary part -- it does not take an overly sophisticated attack to compromise these huge global multinational brands," Miller said.

FireEye's Oppenheim agreed, saying the malware that infected Sony Pictures wasn't sophisticated -- and didn't need to be. "For attacks like this, the malware doesn't have to be that sophisticated. It was efficient," he said. "The attackers were able to get in, put this malware across the network itself, and then execute it so that it did conduct the wiping of the system."
