What can we learn from the latest data breaches?

Blogginlägg -

What can we learn from the latest data breaches?

Inuits leverantör Avecto har bjudit in TechWorld redaktören John Dunn för att berätta vad vi kan lära av de senaste dataintrången.

The simple elevation of user and application privileges lies at the heart of many breaches

We must hope that January’s huge data breach at Target will be a turning point in the history of data breaches. For the first time, businesses are starting to ask difficult questions – might the fact that one of the US retail sector’s most respected retailers can be breached with such ease not be telling us that something is profoundly wrong with enterprise security?

To its credit, Target has been relatively open about the technical failings that aided the hackers. The firm’s CIO Beth Jacob even resigned as part of a security overhaul. Clearly, executives are now in the firing line when things go wrong. The astonishing thing about Target’s woes is that not only are large data breaches nothing new they are starting to become normal.

Historically, the top ten data breaches run in the following order of size:

  • Heartland Payment Systems (2009 – 130 million accounts)
  • Target (2014- 110 million)
  • TK/TJ Maxx (2007 – 94 million)
  • AOL (2014 – 92 million)
  • Sony PlayStation Network (2011 – 77 million)
  • US Military Veterans (2014 – 70 million)
  • LivingSocial (2013 – 50 million)
  • Evernote (2013 – 50 million)
  • CardSystems (2005 – 40 million)
  • Adobe (2013 – 38 million)

Looking at this list, a number of themes jump out. First, every single one of these incidents was in the US, which we have to assume is more to do with the disclosure laws than that country being more likely to suffer a large breach. Put more pessimistically, these are simply the breaches we hear about.

Second, although size grabs attention, it shouldn’t be assumed that scale always equates to severity. All data breaches are serious but as a recent breach that revealed personal details of only 10,000 women seeking help from the UK’s British Pregnancy Advisory Service underlines, tiny data breaches can also be incredibly serious.

It’s also intriguing that six of these major breaches have happened in the last 12 months. It could be that hackers are just trying their luck more often than in the past or, as many suspect, organizations are just getting better at spotting them. Either way, we have to assume that the search for weak security has become an industrial-scale business model for the criminal underworld.

The Target hack

This attack was only one of at least half a dozen that affected large US retailers in 2013, which as far as we can tell all involved planting malware on PCs connected to point-of-sale (POS) terminals. The malware used in the Target hack was a popular Russian toolkit called BlackPOS, sold specifically for use against retailers. That is the really chilling part of the Target incident; there are now several dedicated toolkits sold for attacks on this sector alone.

We can only infer the precise engineering of the attack, but it is clear it had several layers, starting with a reported compromise of a third-party contractor whose credentials were phished to gain access to the network. The current assumption is that multi-factor authentication was probably not in place.

Next, using only that one credential and the access rights it afforded, the criminals were able to move around the network, gaining access to deeper layers. A number of techniques could have been used but past POS attacks have exploited admin-level default passwords for specific applications the attackers either know or guess will be present. The attack complete, the criminals then made off with 110 million customer account records without being detected until they were long gone.

As in so many attacks, the underlying theme is simply the abuse of privileges, first of the contractor, then at the application level. Although this attack was external, the same risk of failing to control accounts and privileges would have applied to a rogue insider too. The fact that this problem is well understood, makes its constant re-occurrence in new attacks unbelievable. Allowing this to continue would be a failure to learn on a grand scale.

Läs allt du behöver veta för att undvika dagens sofistikerade cyberattacker på denna webbsida: http://go.inuit.se/cyberattacker-2014

Relaterade länkar

Ämnen

Kategorier

Kontakter

Markus Arvidsson

Markus Arvidsson

Presskontakt Marketing Manager Marknadsföring och PR 08-753 05 10

Relaterad media

Fighting Cyber Attacks - Infograhic
  • Fighting Cyber Attacks - Infograhic
  • Licens: Creative Commons erkännande
    Med en Creative Commons-licens, behåller du din upphovsrätt men tillåter andra människor att kopiera och distribuera ditt verk under förutsättning att de erkänner dig som upphovsman. Du tillåter andra att kopiera, distribuera, visa och framföra verket, samt att skapa bearbetningar av det.
  • Filformat: .pdf
Ladda ner

Relaterat innehåll

Skydda er organisation mot 92% av sårbarheterna i Microsoft genom att ta bort admin-rättigheterna

Skydda er organisation mot 92% av sårbarheterna i Microsoft genom att ta bort admin-rättigheterna

Ny analys av " Patch Tuesday" bulletinerna visar på fördelarna med att ta bort administratörsrättigheter.

73 procent av beslutsfattare inom IT-säkerhet prioriterar ännu inte att begränsa behörigheterna i Windows

73 procent av beslutsfattare inom IT-säkerhet prioriterar ännu inte att begränsa behörigheterna i Windows

Ny undersökning avslöjar brister när det gäller att begränsa användares behörigheter i Windows trots stora säkerhetsincidenter och ett fortsatt växande hot som orsakas av användare och IT- administratörer.

Så tar du bort admin-rättigheter utan att påverka användarnas produktivitet

Så tar du bort admin-rättigheter utan att påverka användarnas produktivitet

Oavsett om du är mitt uppe i en migrering förklarar denna artikel hur IT-avdelningar har övervunnit utmaningarna med User Account Control och applikationskompatibilitet för att permanent ta bort admin-rättigheter från sina organisationer.

5 Reasons to Keep Admin Rights off your PC

5 Reasons to Keep Admin Rights off your PC

Inuits leverantör Avecto bjöd in Sami Laiho, Microsoft MVP för att hålla ett webinar där han visar på varför det är så viktigt att ta bort administratörsrättigheter på Windows 7/8. Här sammanfattar Sami sina råd från webinaret.

Relaterade event

Cyber Strategies for Endpoint Defense 2014

Cyber Strategies for Endpoint Defense 2014

Tid 24 April 2014 13:00 – 14:00

Plats Webinar

Inuit AB - Effektiva och säkra IT-lösningar som förenklar din vardag

Inuit AB är en distributör specialiserad på produkter för drift och säkerhet för IT-system. Huvudfokus för verksamheten är att skapa kundnytta genom ökad produktivitet och säkra IT-plattformar. Lösningarna spänner över områden såsom ITSM-helpdesk, ärendehantering, hantering av klienter och mobila enheter, nätverks- och serverövervakning, molntjänster, IT-säkerhet, IT analytics, Identity Aceess Management och Active Directory.

Inuit AB
Enebybergsvägen 10A
182 86 Danderyd
Sverige
Startsida
Lösningar
Kunskapshub