Brian Krebs, the cybersecurity expert, has uncovered three disturbing data breaches over the last few days.

Adobe.  Brian uncovered the compromise of source code for several Adobe products and of roughly 3 million customer account records. The attack appears to have started in mid-August of this year.

LexisNexis/D&B/Kroll.  The databases of these three data brokers appear to have been compromised in April of this year. The bad guys installed bots on servers inside these companies that allowed them to mine the data and sell it in a massive identity theft scheme.  Beyond enabling identity theft at scale, this breach undermines the entire knowledge-based authentication business, because the very answers those systems rely on were in the stolen data.  Quoting KrebsOnSecurity:

Avivah Litan, a fraud analyst with Gartner Inc., said most credit-granting organizations assess the likelihood that a given application for credit is valid or fraudulent largely based on how accurately an applicant answers a set of questions about their financial and consumer history.

These questions, known in industry parlance as “knowledge-based authentication” or KBA for short, have become the gold standard of authentication among nearly all credit-granting institutions, from loan providers to credit card companies, Litan said. She estimates that the KBA market is worth at least $2 billion a year.

“Let’s say you’re trying to move money via online bank transfer, or apply for a new line of credit,” Litan proposed. “There are about 100 questions and answers that companies like LexisNexis store on all of us, such as, ‘What was your previous address?’ or ‘Which company services your mortgage?’ They also have a bunch of bogus questions that they can serve up to see if you really are who you say you are.”

National White Collar Crime Center (NW3C). NW3C is a congressionally funded non-profit organization that provides training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of cybercrime. It appears that the bad guys gained access to NW3C systems around May 28 of this year. Again quoting KrebsOnSecurity:

Alex Holden and his security consulting firm Hold Security LLC were instrumental in identifying and analyzing the attack server. Holden said that if the attackers had at least 11 weeks to access systems within the NW3C, they probably already have all of the data of consequence that could be gained from internal systems there.

“Based on sophistication of these guys, the custom tools they were using and the length of time they had to look around, it is unlikely that they walked away without whatever they were after,” Holden said. “Did they get 100 percent of it? Probably not. But from what I’ve seen of how these guys operate, they didn’t just plant their flag and leave. They were methodically exploiting systems and access to gain access to all of the data they could get their hands on.”

Holden added that while some of the information stolen from the NW3C may not be particularly useful for traditional cybercriminal purposes, that data may be of more interest to foreign governments. He noted that one of the more interesting lookups the attackers ran instructed the NW3C’s database to produce a list of foreign law enforcement agents who were working active criminal cases with the organization. Other queries forced the database to dump information from the law enforcement agents acting in a supervisory role at the NW3C.

“Other entities that might be interested in this data include foreign governments,” Holden said. “These guys may also be passing or selling this data off to other nations as well.”

Data Loss Prevention (DLP) is an important security tool.  It is crucial to monitor the location and flow of sensitive data and to respond quickly to anomalies.  As these three incidents remind us, however, the bad guys understand DLP too, and they shape their activity to evade it: in each of these cases the intruders had weeks or months inside the network before anyone noticed. That makes intrusion prevention an essential layer of the defensive strategy.  A common means of intrusion is spearphishing, in which the attacker goes after the systems through their human defenders, sending highly targeted emails that deceive the recipient into compromising his own system.  The FBI has called spearphishing the #1 attack method.

Humans’ email decisions can compromise security, and IT needs to help employees make better ones.  That is where SP Guard comes into play. Using SP Guard, IT can define a list of trusted senders and present that information to staff in a simple and highly effective manner.
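To make the trusted-sender idea concrete, here is an added example (not SP Guard's code, and not from the original post) of the checks a mail gateway or client plug-in can run against a trusted-sender list. The list, the `example-corp.com` domain, the `attacker.invalid` domain and both messages are constructed for this illustration. Beyond a plain allowlist lookup, it flags the tells that a spearphishing message aimed at an employee typically carries: a vetted display name paired with the wrong address, a lookalike domain, a Reply-To that silently redirects the conversation, and an envelope sender that does not match the From domain.

```python
"""Evaluate an inbound e-mail against a trusted-sender list.

Added illustration of the trusted-sender idea. The list, the domains, the
messages and the helper names are constructed here and are not SP Guard's
code or data.
"""
import email
from email.utils import parseaddr
from typing import Optional

# Constructed trusted-sender list: the display name IT has vetted, keyed by
# the exact address that person or team is expected to send from.
TRUSTED_SENDERS = {
    "jane.doe@example-corp.com": "Jane Doe",
    "payroll@example-corp.com": "Payroll Team",
}
TRUSTED_DOMAINS = {addr.split("@", 1)[1] for addr in TRUSTED_SENDERS}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(domain: str) -> Optional[str]:
    """Return the trusted domain this domain impersonates, or None."""
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and edit_distance(domain, trusted) <= 1:
            return trusted  # e.g. examp1e-corp.com
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if domain != trusted and brand in domain:
            return trusted  # e.g. example-corp.com.attacker.invalid
    return None


def assess(raw_message: bytes) -> dict:
    """Return {'verdict': ..., 'findings': [...]} for one RFC 5322 message."""
    msg = email.message_from_bytes(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    findings = []

    if addr not in TRUSTED_SENDERS:
        findings.append(f"sender {addr or '<none>'} is not on the trusted-sender list")

    # Display-name spoofing: a vetted name paired with a different address.
    for trusted_addr, trusted_name in TRUSTED_SENDERS.items():
        if display.strip().lower() == trusted_name.lower() and addr != trusted_addr:
            findings.append(f"display name '{display}' belongs to {trusted_addr}, not {addr}")

    resembled = lookalike_domain(domain)
    if resembled:
        findings.append(f"domain {domain} resembles trusted domain {resembled}")

    # Replies quietly redirected elsewhere are a classic spearphishing tell.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower().rsplit("@", 1)[-1] != domain:
        findings.append(f"Reply-To {reply_to} points outside the From domain")

    # Envelope sender, as recorded by the receiving MTA, should match From.
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    if envelope and envelope.lower().rsplit("@", 1)[-1] != domain:
        findings.append(f"envelope sender {envelope} does not match From domain {domain}")

    return {"verdict": "trusted" if not findings else "suspicious", "findings": findings}


# Constructed sample messages: one genuine, one spearphish aimed at staff.
LEGIT = b"""Return-Path: <jane.doe@example-corp.com>
From: "Jane Doe" <jane.doe@example-corp.com>
To: staff@example-corp.com
Subject: Q3 planning notes

Notes attached.
"""

PHISH = b"""Return-Path: <bounce@attacker.invalid>
From: "Jane Doe" <jane.doe@examp1e-corp.com>
Reply-To: <jane.doe@attacker.invalid>
To: staff@example-corp.com
Subject: Urgent: wire transfer approval

Please approve the attached transfer before noon.
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("phish", PHISH)):
        result = assess(raw)
        print(label, result["verdict"])
        for finding in result["findings"]:
            print("  -", finding)
```

Two caveats a practitioner would add. First, every header above is attacker-controlled until your own MTA has checked it, so in production the envelope and domain checks should read the `Authentication-Results` header your gateway writes (SPF, DKIM, DMARC outcomes) rather than trusting `Return-Path` as it arrives. Second, a trusted-sender list says nothing about a trusted sender whose account has been taken over; the list reduces the decisions employees must make, it does not eliminate them.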

You can contact us at 408-727-6342, ext. 3, or use our online form.