The malware used in the Sony breach had a hard-coded password that granted access to all Sony systems. In this video, Mike Chapple explains how strong authentication practices would limit the impact of a similar breach in the future.
- [Instructor] The final lesson that we can draw…from the Sony breach is a common one…from security incidents.…Implement strong authentication.…The malware used in the Sony attack…was extremely successful because it contained…a hard-coded password that was used to make…SMB connections between systems on the Sony network.…We don't know how the attackers obtained this password,…but it served as the skeleton key…that allowed them to quickly infiltrate…the entire Sony network.…
They might've obtained it through a preliminary attack,…through social engineering,…or with inside information.…But the way that they obtained it…doesn't really matter.…What does matter is that we understand…the importance of implementing…strong authentication systems.…The first way that we can strengthen…our authentication systems against this type of attack…is by implementing multifactor authentication.…We've talked about multifactor authentication before.…And you can learn more about it…by watching the state-sponsored university breach episode…
Author
Updated
6/10/2019Released
10/8/2018Skill Level Intermediate
Duration
Views
Related Courses
-
Insights from a Cybersecurity Professional
with Mike Chapple32m 15s Intermediate -
IT Security: Key Policies and Resources
with Gregory Michaelidis23m 44s Intermediate
-
Introduction
-
The 2017 Equifax Breach
-
The Equifax breach2m 41s
-
Inside the Equifax breach3m 22s
-
Lesson 2: Move quickly!2m 36s
-
-
The 2013 Target Breach
-
The Target breach2m 43s
-
Inside the Target breach4m 55s
-
Lesson 1: Vendor management4m 21s
-
Lesson 3: Log monitoring5m 6s
-
-
The 2006 VA Laptop Theft
-
Inside the VA breach5m 42s
-
Lesson 3: Security policy4m 42s
-
Aftermath of the VA breach2m 45s
-
The 2018 Atlanta Ransomware Breach
-
The 2005 TJX Breach
-
The TJX breach2m 8s
-
Inside the TJX breach4m 3s
-
Aftermath of the TJX breach2m 27s
-
-
The 2013 Bowman Dam Breach
-
The Bowman Dam breach3m 12s
-
Inside the Bowman Dam breach5m 51s
-
-
The State-Sponsored University Breach
-
Lesson 3: Social engineering6m 19s
-
The Maersk Breach
-
The Maersk breach2m 43s
-
Inside the Maersk breach3m 37s
-
Lesson 3: Test backups4m 8s
-
After the Maersk breach2m 38s
-
-
The Sony Breach
-
The Sony breach3m 24s
-
Inside the Sony breach2m 42s
-
Lesson 1: Defense in depth2m 11s
-
Lesson 2: Offense is risky2m 23s
-
Lesson 3: Authentication2m 13s
-
After the Sony breach3m 24s
-
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.
CancelTake notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Lesson 3: Authentication