sumo_mega_breaches

Over the past week, the industry witnessed significant breaches affecting nearly 20 million individuals combined (15 million at T-Mobile/Experian and 4.6 million at Scottrade), a newly discovered APT, and the Dyreza malware moving to industries beyond banking.

Highlighting the cyber-security news from the past week in a 120-second read. Starting now.


Breaches

Experian, a vendor to T-Mobile that processes credit checks for prospective T-Mobile customers, announced that the personal information of 15 million T-Mobile applicants was stolen from one of its servers. The affected records cover anyone who applied for T-Mobile postpaid service between Sept. 1, 2013 and Sept. 16, 2015.

http://www.t-mobile.com/landing/experian-data-breach-faq.html

Why is this significant?

  1. Stolen information includes Social Security numbers, birth dates and driver's license numbers: enough data to steal a person's identity. For consumers this is not a typical breach like the theft of credit card numbers, which is a nuisance and indirectly raises costs, but can invariably be rectified by cancelling the card. This breach carries the real risk of fraudsters impersonating affected individuals, from home rentals to health insurance bills.
  2. Ironically, the identity-protection service being offered, ProtectMyID, is owned by Experian, the company that was breached. Experian has announced two years of protection services to show that it is being responsible, which amounts to putting a Band-Aid on a sore subject.
    To note, although the T-Mobile FAQ still says customers are being offered identity-protection services by Experian, it looks like T-Mobile has also partnered with CSID to provide customers with two years of free credit monitoring - https://www.csid.com/tmobileprotect/
  3. The affected records span two years (Sept. 2013 to Sept. 2015). There are no details yet on how the breach occurred or how long the attackers had access to Experian's systems, but the breadth of the exposed window is unsettling.

Scottrade Inc., a retail brokerage firm, was alerted in August 2015 by federal law enforcement of a customer breach that had occurred between late 2013 and early 2014. The breach lasted a few months, involved the contact information of 4.6 million customers, and potentially also exposed customers' Social Security numbers.

http://krebsonsecurity.com/2015/10/scottrade-breach-hits-4-6-million-customers/


Why is this significant?

  1. The personal data of 4.6 million Scottrade customers was taken over a period of a few months, and the breach went undetected for nearly two years until law enforcement, not Scottrade, found it.
  2. Another company offering a year's worth of free credit monitoring. Although this is already standard practice, and setting funds aside seems to be the first thing companies do, we need to make sure that closing these incidents with free credit monitoring does not become lip service.

Malware

Dyreza, a trojan first spotted in June 2014, is broadening its target list beyond banking credentials to the credentials of companies in the IT supply chain.

http://www.computerworld.com/article/2987960/malware-vulnerabilities/dyreza-malware-steals-it-supply-chain-credentials.html

Why is this significant?

    1. This shows that malware evolution is neither stagnant nor limited to a specific industry. Financially motivated cyber-criminals have identified the potential of moving on to other targets.
    2. Speaking of the financial motivation behind cyber-threats, and in particular of the Angler Exploit Kit, the latest statistic published by Cisco states that "if you apply the full scope of Angler activity the revenue generated could exceed $60M annually." - http://talosintel.com/angler-exposed/?f_l=s


 * enSilo customers are protected from all strains of Dyreza

Moker, a previously unknown APT, was discovered within a sensitive network. Moker bypasses security measures, can be controlled without requiring Internet connectivity, and takes great pains to frustrate post-mortem analysis once detected.

http://blog.ensilo.com/moker-a-new-apt-discovered-within-a-sensitive-network

Why is this significant?

1. APTs continue to evolve and bypass well-established security measures and Windows' own security mechanisms to infiltrate organizations. The security industry needs to consider measures that allow organizations to keep working securely despite an already compromised environment.

2. Given that malware authors adopt techniques from one another, we won't be surprised to see future APTs using measures similar to Moker's, such as bypassing security mechanisms and resisting dissection.