BreachBytes

SC Magazine reported today that the Davidson Companies, a Montana-based financial firm disclosed “one of its databases, containing the names and Social Security numbers of 226,000 current and past clients, was illegally accessed ‘by a third party through a sophisticated network intrusion.’” In response the firm “took its public website offline after learning of the intrusion, hired a security consulting firm to investigate the theft and notified the major credit-reporting bureaus after learning about the incident.”

We keep beating the drum at BreachBytes that enterprises need to have a response and recovery plan in place because Breaches are inevitable.

A quote by Gartner analyst John Pescatore in a recent article in PC World points out a fact that is becoming more and more common and is of grave concern to security experts:

“…government-funded cyber espionage is minimal in comparison to that carried out by criminals motivated to steal information for financial gain.”

Cybercrimes are no longer fashionable pranks by teenage hackers to get their name in the paper. Cybercrime is now being driven by financial gain and in many cases is the result of organized crime. The San Jose Mercury News did an excellent three-part series called “Ghosts in the Browser” which highlighted the rise of organized crime, particularly overseas, in the cyberworld.

What makes this so scary?

(more…)

In the end of 2007 we first noted the FastHosts breaches in the BreachBytes links to breach articles. On January 14, 2008, ComputerWorld reported that the seemingly benign and random breach(es) at FastHost - The UK’s largest hosting company - in late 2007 appear to be much worse than originally thought due to the damage that is now happening as a result. Here is the article:

New mass hack strikes sites, confounds researchers

It is interesting to see that the hackers continue to use more sophisticated methods to perform their damage and a variety of the knowledgeable security companies are quoted as not really knowing how to determine which sites were in fact infected.

Poor Salesforce.com.

They continue to be under attack by phishing scams. As a customer I have been satisfied with their responsiveness and continue to root for them. My first sighting of the last Salesforce.com attack popped up my ZDNet.com RSS Feed on 11/06/07. The same day I received an email from Salesforce.com explaining what had happened and what they were doing about it. They offered a surprising level of transparency which, in my mind, showed courage and confidence based on their timely disclosure. Over the intervening days changes were implemented that were mildly inconvenient to the user yet improved the security of the Salesforce.com installation (and more importantly our data).

(more…)

I find myself asking the question: “How can a network ever really be secure?” and talking about it with customers and colleagues all the time. This article “How dangerous user behavior puts networks at risk” brings this issue to the forefront. Regardless of the number of defenses a company puts in place whether it’s firewalls, Intrusion Prevention Systems, Security Information Management Systems or the like one of the biggest vulnerabilities are the users on a network.

It is becoming necessary both from what you read in the press and today’s environment to be sure that your company has the necessary “evidence” in a stockpile in addition to alerting and correlation tools for those times when you are alerted by one of your users or a network device about potentially damaging user behavior. What I mean by evidence is to retain all of that network and NetFlow data for future forensic analysis. While that data isn’t going to be able to spot the employee who loads up a thumb drive with company data and takes it home, that data is what allows network security experts in a company to address the insider threat caused by simple violations of corporate policies when it comes to what the employee does online.

(more…)