Sony Thailand Site Used For Phishing

The security firm F-Secure discovered that one of Sony's Thailand websites has been hacked and became host to a phishing site. It looks like the phishing site hosted on the Thailand Sony server is meant to capture data about customers of the Italian credit card company, CartaSi.

Phishing is a form of social engineering where an attacker attempts to con a user out of sensitive information by pretending to be someone they're not. Online, this is done by sending official-looking e-mails that appear to have all the qualities of a missive from a bank or other financial institution and often will lead the user to a website that looks like the login for self-same institution.

The user then enters their information on the fake website and often an error such as "down for maintenance" or "password/username cannot be authenticated" is displayed. The reason for the error is to cause the user to walk away and not consider that their information might have been stolen; or the latter is to get them to enter their data again, potentially thinking they forgot their password and thus handing the attacker more information about them.

To display these official looking websites, hackers often break into lesser-checked web servers to house their false fronts so that it's more difficult to track them down when the phishing site is uncovered. Sony's Thai server appears to have been the victim of one of these hacks and, now that it's been discovered, it can be disabled and cleansedand whatever permitted the intrusion can be locked down.

Hypponen said that the timing of the hack was unfortunate for Sony, given that it's PlayStation Network and Qriocity services were coming back online after a major cyber attack that compromised the details of millions of people. "Right now it looks especially bad," said Hypponen. "It's just bad luck and bad timing."

The incident comes at a difficult time for Sony, which is still struggling to cope with the fallout from one of the biggest hacks of all time. Phishing incidents are on the rise, thanks to the continued prevalence of automated toolkits on the underground online market, according to the latest State of Spam report from security firm Symantec. The report also found that the "overall phishing landscape" increased by over 15 per cent in April, while phishing sites created by automated toolkits grew by about 26 per cent.

This incident highlights the need for better security systems. The frequency of cyber crime is only going to increase if organizations and companies fail to pay attention to the vulnerabilities of their network security. They need to implement robust internet security initiatives, including hiring highly trained information security experts to avoid cyber crimes and security breaches. IT security professionals can increase their information security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST) to address the deficiency of technically proficient information security professionals.

CAST will provide advanced technical security training covering topics such as advanced penetration testing training, Digital Mobile Forensics, Cryptography, Advanced Network Defense, and advanced application security training, among others. These highly sought after and lab-intensive Information Security training courses will be offered at all EC-Council-hosted conferences and events, and through specially selected authorized training centres.