TechTimes is reporting that Neiman Marcus is apologizing for the security breach that compromised customers’ financial data. The real news is that the malware which infected their systems started operating in July of 2013 and was only contained last week!

 

More technical details were reported by Computerworld. The malware was a variant of known malware, which the attackers modified to evade detection. Computerworld quotes from the research of iSIGHT:

This software contains a new kind of attack method that is able to covertly subvert network controls and common forensic tactics, concealing all data transfers and executions that may have been run, rendering it harder to detect.

That this attack went undetected for so long underscores the warnings of Anup Ghosh:

The fallacy of the logic in monitoring and response is that you can detect the attack that bypassed the tools. If you could, then you would simply update the tools, which is how the security industry works (and failed) by and large. Instead, humans end up detecting artifacts of attacks long after the attack has been successful—after the damage is done... It turns out once your customer records are leaked, your email archive published, your IP stolen, all the remediation and incident response in the world can’t get it back. All the King’s men couldn’t put Humpty Dumpty back together and nor can you.

No security technology is perfect. As this incident shows, the bad guys are clever and will find ways to defeat your defenses. That is why prevention is so important. In the 21st Century, an ounce of cyber-prevention is worth more than a pound of cyber-cure. SP Guard is an important piece of cyber-prevention. Using SP Guard, social engineering spearphishing attacks can be disrupted by targeting email deception. IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at 408-727-6342, ext. 3 or use our online form.