BreachBytes

According to SC Magazine Australia, MTV experienced a breach compromising the confidential information of over 5,000 employees.

…it appears an employee may have fallen victim to a social engineering trick that allowed a trojan to be installed on his or her machine.”

Interestingly, more and more breaches are as a result of tactics to dupe unsuspecting employees with access to corporate credentials as is the case with this latest breach.

In the end of 2007 we first noted the FastHosts breaches in the BreachBytes links to breach articles. On January 14, 2008, ComputerWorld reported that the seemingly benign and random breach(es) at FastHost - The UK’s largest hosting company - in late 2007 appear to be much worse than originally thought due to the damage that is now happening as a result. Here is the article:

New mass hack strikes sites, confounds researchers

It is interesting to see that the hackers continue to use more sophisticated methods to perform their damage and a variety of the knowledgeable security companies are quoted as not really knowing how to determine which sites were in fact infected.

Oak Ridge National Laboratory admitted that they had suffered a breach on October 29th, 2007. Luckily, it appears from this Information Week article that no classified information was compromised. This breach underscores the fact that breaches are inevitable and all organizations whether they are government, non-profit or for-profit must have a comprehensive response and recovery plan.

There are so many situations, reports and news articles where vague statements are used such as the one in the Information Week article: “ORNL said that no classified information was lost but that the personal information of visitors may have been stolen.” “…may have been stolen,” that makes me feel comfortable and secure. When responding to an incident it is necessary to be able to definitively state what actually happened and report a conclusive response. That’s what “incident response” is all about.

A comprehensive recovery plan that includes the ability to perform “deep dives” into all of an organizations network data particularly using NetFlow lets security analysts provide that definitive answer we are all looking for.