This document discusses trends in information security from January 2015. It notes that a Cisco audit found evidence of intrusion at all enterprises. Medical information is valued much higher by cybercriminals than payment card or personal information. The average data breach takes over 220 days to discover. Major breaches in 2014 impacted retailers like Target and Home Depot, as well as financial institutions and healthcare providers. The rapid rise of internet-connected devices and the Internet of Things introduces new vulnerabilities and threats. Information security teams must focus on detection and incident response as breaches are assumed to be inevitable.
Target Profit Falls 46% On Credit Card Breach
In totaling the expenses it’s incurred so far due to the data breach, Target said that it saw a $17 million expense in the fourth quarter of 2013, a figure that reflects $61 million in total expenses offset by a $44 million insurance receivable. Among the charges contributing to this total are costs related to investigating the data breach, offering credit-monitoring and identity-theft protection services to customers, increased staffing in call centers, and legal expenses, the retailer said.
Over 40 million credit cards were exposed in the cyber attack along with up to 110 million customer email addresses and phone numbers, affecting shoppers who frequented the store between November 27 and December 15, 2013.
https://corporate.target.com/about/shopping-experience/payment-card-issue-FAQ
http://www.csoonline.com/article/2601021/security0/11-steps-attackers-took-to-crack-target.html
"Since Target was PCI compliant, the databases did not store any credit card specific data, so they had to switch to plan B and steal the credit cards directly from the Point of Sales themselves," Be'ery says.
"The initial penetration point is not the story, because eventually you have to assume you're going to get breached," Be'ery says. "You cannot assume otherwise. You have to be prepared and have an incident response plan for what to do when you are breached. The real problem arises when malware is able to enable an attacker to penetrate deeper into the network." "If you have the right visibility, that activity really stands out," he adds.
What did we learn from the Target breach:
3rd-party vendor access to systems is a weak link and a potential point of entry. The network should be properly segmented to prevent a 3rd-party entry from traversing to sensitive, high-risk systems.
Compliance doesn't equal security. Target was PCI compliant, had spent $100 millions on data security, and had invested in tools (FireEye).
Monitoring, logging and alerting are meaningless if no action/response is taken on alerts - All told, up to five "malware.binary" alarms reportedly sounded, each graded at the top of FireEye's criticality scale, and which were seen by Target's information security teams first in Bangalore, and then Minneapolis. Unfortunately, however, the security team appears to have made the wrong call. "Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up," she said. "With the benefit of hindsight, we are investigating whether, if different judgments had been made, the outcome may have been different."
General user awareness and training are critical - Malware sent via a phishing email enabled attackers to compromise the 3rd-party contractor's system.
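The segmentation lesson above can be checked mechanically. The following is an added example, not part of the original notes: it audits a constructed firewall rule set for any chain of allow rules that lets a third-party zone reach a sensitive zone, even when a direct deny rule exists. Zone names, ports and the rule format are hypothetical, and the model is simplified to zone-level reachability.

```python
from collections import deque

# Constructed sample rules; zone names and ports are hypothetical.
RULES = [
    {"src": "vendor", "dst": "vendor_portal", "port": 443, "action": "allow"},
    {"src": "vendor_portal", "dst": "corp", "port": 445, "action": "allow"},
    {"src": "corp", "dst": "pos", "port": 445, "action": "allow"},
    {"src": "vendor", "dst": "pos", "port": 0, "action": "deny"},
    {"src": "corp", "dst": "cde_db", "port": 1433, "action": "allow"},
]

def allowed_edges(rules):
    """Build a zone graph from allow rules only; deny rules add no edges."""
    graph = {}
    for r in rules:
        if r["action"] == "allow":
            graph.setdefault(r["src"], []).append((r["dst"], r["port"]))
    return graph

def paths_to_sensitive(rules, start, sensitive):
    """Breadth-first search from `start`; return the shortest chain of
    allow rules leading to each reachable zone listed in `sensitive`."""
    graph = allowed_edges(rules)
    parent = {start: None}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for dst, port in graph.get(zone, []):
            if dst not in parent:
                parent[dst] = (zone, port)
                queue.append(dst)
    findings = {}
    for target in sensitive:
        if target in parent and target != start:
            hops, node = [], target
            while parent[node] is not None:
                prev, port = parent[node]
                hops.append(f"{prev}->{node}:{port}")
                node = prev
            findings[target] = list(reversed(hops))
    return findings

if __name__ == "__main__":
    for zone, hops in paths_to_sensitive(RULES, "vendor", {"pos", "cde_db"}).items():
        print(f"vendor can reach {zone} via: {' , '.join(hops)}")
```

In the sample, the explicit vendor-to-POS deny does not help, because the vendor portal and corporate zones form an allowed path; removing the portal-to-corp rule clears both findings.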
Most attacks on Retail 2014 = 34, Finance and Insurance = 13, Medical Providers = 11
https://www.privacyrights.org/data-breach/new
http://healthitsecurity.com/2014/12/15/top-10-healthcare-data-breaches-for-2014/
http://krebsonsecurity.com/2014/11/home-depot-hackers-stole-53m-email-addreses/#more-28634
The Home Depot and Target attacks both started with the compromise of a 3rd-party supplier's credentials (username, password), which were used to access the network.
The massive Home Depot data breach disclosed earlier this fall involved the theft of 56 million credit and debit card numbers, and now the company has revealed that the incident so far has cost it $43 million.
The costs are the result of both the investigation into the data breach as well as the recovery from it, including hiring security experts to find the details of the attack, bringing in more call center workers to handle consumer questions and paying for credit monitoring, among other things. In a financial filing on Tuesday, Home Depot said that as much as $15 million of those charges could be recoverable through insurance coverage.
http://threatpost.com/home-depot-breach-cost-company-43-million-in-third-quarter/109629
http://www.bizjournals.com/atlanta/news/2014/11/25/home-depot-data-breach-lawsuits-rise-to-44.html?page=all
Other retailers impacted included Home Depot, which reported the theft of 55 million credit and debit cards at its stores in the U.S. and Canada, and Michaels Stores, which said 2.6 million credit cards were exposed. High-profile franchises also were targeted, including 400 Dairy Queen ice cream franchise locations in 46 states and P.F. Chang's China Bistro, which announced a breach impacting 211 of its restaurants.
The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.
August 28, 2014 | J.P Morgan Chase | New York, New York | BSF | HACK | 76,000,000
So far, JP Morgan reports that only limited personal information, such as names, phone numbers, and addresses, was stolen, insisting that social security numbers, banking information, and other data remain safe.
"There’s no real reason to think that Bank of America will have better systems than JP Morgan," said Edwards. JP Morgan, according to Edwards, was seen as being one of the best at security. If they can get hacked, so can just about anyone.
Neglected Server Provided Entry for JPMorgan Hackers - Most big banks use a double authentication scheme, known as two-factor authentication, which requires a second one-time password to gain access to a protected system. But JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme, the people briefed on the matter said. That left the bank vulnerable to intrusion.
August 18, 2014 | Community Health Systems | Franklin, Tennessee | MED | HACK | 4.5 million
Community Health Systems out of Franklin, Tennessee has announced a large data breach of their medical system. The breach occurred when hackers infiltrated the server of the health system, compromising Social Security numbers, names and addresses for 4.5 million patients. Authorities believe that the hackers were based out of China and the attacks happened from April 2014 through June 2014.
The home improvement retailer’s stock is up more than 14 percent this year and more than 2 percent since it confirmed a six-month breach of its payment system that affected some 53 million credit and debit cards. Home Depot says it expects its sales growth this year to be unaffected by the massive cyber intrusion.
And after JPMorgan said last Thursday that cybercriminals had obtained customer names, addresses, phone numbers and e-mail addresses for 76 million households, the company’s stock price has hardly budged.
http://www.wsj.com/video/jp-morgan-ceo-cybersecurity-spending-to-double/4591225B-B78C-4F0E-B4D1-65BE2D277D63.html
CHS data breach included name, SSN, address, and phone #
Information is now coming out about the source of the attack on CHS, and it appears to be a Chinese hacker group.
Hackers found a file with Sony usernames and passwords called “Usernames&Passwords.”
As Kashmir Hill reported, there were only 11 people on the Sony information security team at the time of the hack:
“The real problem lies in the fact that there was no real investment in or real understanding of what information security is,” said the former employee. One issue made evident by the leak is that sensitive files on the Sony Pictures network were not encrypted internally or password-protected.
In February, Anthem disclosed the breach. To date, the incident is said to have impacted 78.8 million people based on the company's public disclosures. The source of the breach is believed to be a phishing attack, which granted those responsible for the incident the credentials needed to access various systems from at least five employees.
Cisco. The new model of security
http://www.rsaconference.com/events/us14/agenda/sessions/1340/the-new-model-of-security
Connected devices everywhere (IoT): healthcare, manufacturing, automobiles. Personalization of IT.
Connected devices and connected vehicles bring new threat attack vectors: medical devices, manufacturing facilities, etc.
Assume every device is untrusted. Assume compromise.