Sony has been in the limelight recently, with PlayStation Network (PSN) downtime following massive data breaches. As a result, a lot more attention has fallen on how poorly guarded many of the company's websites appear to be. This time, the security firm F-Secure discovered that one of Sony's Thailand websites had been hacked and was hosting a phishing site.
As F-Secure notes in its post on the matter, this hack has nothing to do with what happened to the PlayStation Network, but it is a signal that Sony has a lot more locking down to do across its many web properties:
We know you’re not supposed to kick somebody when they’re already down… but we just found a live phishing site running on one of Sony’s servers.
However, this incident has nothing to do with the Sony PSN hack.
Basically this means that Sony has been hacked, again. Although in this case the server is probably not very important.
Sony has been notified. The malicious URL is blocked for our customers.
As many people already know, phishing is a form of social engineering in which an attacker attempts to con a user out of sensitive information by pretending to be someone they are not. Online this is usually done by sending official-looking e-mails that mimic a message from a bank or other financial institution and lead the user to a website that looks like that institution's login page. The user enters their credentials on the fake site, which then often responds with an error (the service is down for maintenance, or the username/password cannot be authenticated). The error serves one of two purposes: to make the user walk away without suspecting that their information has just been stolen, or to prompt them to enter their details again, perhaps thinking they mistyped a password, and so hand the attacker even more information about themselves.
To host these official-looking pages, attackers often break into poorly monitored web servers and plant their false fronts there, so that when the phishing site is uncovered the trail leads back to the compromised server rather than to them. Sony's Thai server appears to have been the victim of one of these break-ins. Now that it has been discovered, the phishing pages can be disabled and the server cleaned, and, just as importantly, whatever permitted the intrusion can be found and locked down; removing the pages alone leaves the door open for the attacker to return.
Modern browsers, e-mail clients, and antivirus software contain anti-phishing mechanisms that recognize when a link in an e-mail is misrepresenting its source, and vendors block known phishing URLs once they are reported (as F-Secure did here for its customers). Nothing really substitutes, however, for users being vigilant about which sites they visit and where they enter their passwords.
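As an added illustration (not part of the original article, and not F-Secure's or Sony's code), the following Python script implements the simplest form of the link check described above: it parses the anchors in an HTML e-mail body and flags any whose visible text names one host while the href actually points at a different one. The sample e-mail is constructed for this example and uses reserved .example domains; the eTLD+1 helper is deliberately crude and would need a public-suffix list for real use.

```python
"""Flag e-mail links whose visible text misrepresents their destination.

Added example for this article, not code from F-Secure or Sony. It performs the
check that browsers and mail clients apply: if an anchor displays one host but
its href points at another, the link is misrepresenting its source. The sample
e-mail below is constructed; all domains use the reserved .example TLD.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Loose test for "looks like a URL or hostname" inside an anchor's visible text.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)


def host_of(url):
    """Return the lowercased host of a URL, supplying a scheme if it is missing."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable_domain(host):
    """Crude eTLD+1: the last two labels. Fine for .example, wrong for co.uk and friends."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    """Return [(href, text, reason)] for links whose text names a different site than the href."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        match = HOST_RE.search(text)
        if not match:
            continue  # plain label such as "Contact us": nothing to compare against
        shown = match.group(1).lower()
        real = host_of(href)
        if registrable_domain(shown) != registrable_domain(real):
            findings.append((href, text, f"text shows {shown} but href goes to {real}"))
    return findings


# Constructed sample: one deceptive link, one plain label, one honest link.
SAMPLE_MAIL = """
<p>Dear customer, your card has been suspended.</p>
<p>Please verify at <a href="http://compromised-host.example/verify/">https://www.bank.example/login</a></p>
<p>Questions? <a href="https://www.bank.example/help">Contact us</a></p>
<p>Or visit <a href="https://www.bank.example/">www.bank.example</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_MAIL):
        print(f"SUSPICIOUS: {text!r} -> {href} ({reason})")
```

Only the first link is reported: its text advertises www.bank.example while the href leads to compromised-host.example, exactly the pattern of a phishing page planted on someone else's server. Links with non-URL labels cannot be judged by this check alone, which is why real clients also consult reputation lists of reported URLs.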
It looks like the phishing site hosted on the Thailand Sony server was meant to capture data from customers of an Italian credit card company, CartaSi.
Sony's recent woes form a litany of bad security, bad luck, and attempts to mollify customers in the wake of almost three weeks of PlayStation Network downtime. The events even brought the company under the scrutiny of the US Congress. If that were not enough, a flaw involving user password resets was discovered last week in the newly restarted PSN services.
All of this has taken a toll on Sony's finances, with its estimate for fiscal 2011 revised to a net loss of $3.2 billion, a reversal of its earlier prediction of a net profit. The loss is likely due to a number of factors, but the PSN downtime, spending over $170 million on identity theft insurance for customers, and other PR nightmares have probably played a substantial part.