China joins the mass data breach party: lessons to learn from the OPM

The massive data breach of federal employee information at the OPM could mark a significant moment in the evolution of the threat landscape


‘The Edward Snowden leaks pale in comparison to the wilful errors that made this breach possible’

If the intelligence coming through is correct, and a nation state is behind the cyber attack at the US Office of Personnel Management (OPM), then IT leaders have yet another problem to worry about.

State-sponsored hackers are not just after select pieces of geopolitically advantageous intel – they’re prepared to lift millions of records at a time from organisations to get what they’re looking for.

But what are they looking for? And how do we stop them?

Even in an industry where ‘major inflection points’ seem to come along every few months, the OPM attack is a big deal. Originally thought to have compromised the personal details of only around four million US government employees, that number may now have risen to as many as 14 million.

More importantly, the breach is now said to have compromised highly sensitive data on staff applying for security clearance roles in military or intelligence positions. According to reports, this data could include whether an individual has a criminal record, any history of alcohol or drug abuse, whether they have filed for bankruptcy, and so on.

This is information that a foreign state would find hugely valuable. It could be used for blackmail, coercion and even for possible recruitment of spies. And let’s not forget that the wealth of personal information contained in these employee records can also be used to make follow-up spear phishing attacks even more sophisticated and hard to spot.

A chequered past

This isn’t the first time something like this has happened. In fact, an intrusion into the OPM was traced to China last year but the department seems not to have heeded an Office of the Inspector General report soon after criticising “significant” deficiencies in its security. A watchdog has now said the OPM underinvested in security for a decade. This should be a warning to organisations everywhere – you get the security you pay for.

There are also signs that the recent Anthem breach of 80 million health records, the Premera Blue Cross incident exposing 11 million customers, and an attack on Carefirst Blue Cross (1.1 million) were linked to each other and China.

We’ll probably never find out if it was a government-sanctioned mission. But so far some reports seem to suggest that this data isn’t finding its way onto the darknet, which would be a typical move if it were nabbed by cybercriminal gangs.

So what can we learn from this? IT leaders should already be on high alert about the major data theft threat posed by cybercrime gangs – and the huge resulting clean-up and legal costs, regulatory fines, and damage to brand and shareholder value.

Knowing this threat has expanded to nation-state operatives should serve as a timely reminder to get security strategies in order, especially for government contractors.

On the plus side, best practice security to mitigate the effects of an attack shouldn’t change, whether the attacker is a criminal gang or an army hacking unit.

Aim to secure systems at every step of the cyber “kill chain”, starting with the people. Invest in education and awareness training, so that more staff can spot those all-important spear-phishing emails and react quickly to an incident.

Then look at intelligence gathering to see if you’ve become a target. After that, it’s all about good security housekeeping, including keeping up-to-date with patches to ensure software vulnerabilities can’t be exploited. Guidelines like those produced by NIST and GCHQ are there for a reason, so follow them.

It’s also important to classify and label data and apply policies accordingly – segregating if necessary according to sensitivity.

Some highly sensitive data may need to be kept in air-gapped data stores. Delete anything that’s no longer useful or relevant. You’ll also need to authenticate access to this data strictly, along the principle of least privilege, and put a full audit trail behind it. It can also be useful to run breach ‘war games’ from time to time to check incident response plans are working.
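The last two paragraphs describe three controls together: sensitivity labels on records, least-privilege access decisions made against those labels, and an audit trail behind every access. The following Python is an added illustration of how those fit together, not code from the original article or from Trend Micro. The labels, roles, field names, employee records and values are invented for the example; the audit trail is hash-chained so that a later attempt to rewrite or drop an entry is detectable, which is the property an audit trail needs if it is to be trusted after a breach.

```python
import hashlib
import json
import time
from dataclasses import dataclass, field

# Sensitivity labels, least to most sensitive. Labels and ranks are constructed
# for this example; they are not any real agency's classification scheme.
LABEL_RANK = {"PUBLIC": 0, "INTERNAL": 1, "CONFIDENTIAL": 2, "CLEARANCE_FILE": 3}

# Least-privilege policy: a role may read records up to a maximum label and,
# within them, only the listed fields. Roles and field names are hypothetical.
POLICY = {
    "helpdesk":    {"max_label": "INTERNAL",       "fields": {"name", "office"}},
    "hr_analyst":  {"max_label": "CONFIDENTIAL",   "fields": {"name", "office", "ssn"}},
    "adjudicator": {"max_label": "CLEARANCE_FILE", "fields": {"name", "office", "ssn", "sf86"}},
}

# Constructed sample records; every value is invented.
RECORDS = {
    "E-1001": {"label": "CLEARANCE_FILE",
               "data": {"name": "J. Doe", "office": "DC-4", "ssn": "000-00-0000",
                        "sf86": "bankruptcy 2009; no foreign contacts"}},
    "E-1002": {"label": "INTERNAL",
               "data": {"name": "A. Roe", "office": "DC-2", "ssn": "000-00-0001"}},
}


@dataclass
class AuditLog:
    """Append-only, hash-chained audit trail. Each entry's hash covers the previous
    hash and the event, so editing or dropping an earlier entry breaks verify()."""
    entries: list = field(default_factory=list)

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        digest = hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()
        self.entries.append({"prev": prev, "event": event, "hash": digest})
        return digest

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            expected = hashlib.sha256((prev + json.dumps(e["event"], sort_keys=True)).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != expected:
                return False
            prev = e["hash"]
        return True


def access_record(user: str, role: str, record_id: str, fields: set, log: AuditLog) -> dict:
    """Apply the least-privilege policy to one read and log the decision either way.
    Returns only the requested fields; raises PermissionError on any policy failure."""
    record = RECORDS[record_id]
    rule = POLICY.get(role)
    reason = None
    if rule is None:
        reason = "unknown role"
    elif LABEL_RANK[record["label"]] > LABEL_RANK[rule["max_label"]]:
        reason = f"label {record['label']} exceeds role ceiling {rule['max_label']}"
    elif not fields <= rule["fields"]:
        reason = f"fields not permitted: {sorted(fields - rule['fields'])}"
    # Log before returning or raising, so denials are recorded as well as grants.
    log.append({"ts": time.time(), "user": user, "role": role, "record": record_id,
                "fields": sorted(fields), "decision": "deny" if reason else "allow",
                "reason": reason})
    if reason:
        raise PermissionError(f"{user}/{role} -> {record_id}: {reason}")
    return {f: record["data"][f] for f in fields}


def demo() -> dict:
    """Exercise one grant, a deny by label, a deny by field, then tamper with the log."""
    log = AuditLog()
    out = access_record("alice", "adjudicator", "E-1001", {"name", "sf86"}, log)
    denials = []
    for user, role, rec, fields in [("bob", "helpdesk", "E-1001", {"name"}),          # label too high
                                    ("bob", "helpdesk", "E-1002", {"name", "ssn"})]:  # field not allowed
        try:
            access_record(user, role, rec, fields, log)
        except PermissionError as exc:
            denials.append(str(exc))
    intact = log.verify()
    log.entries[1]["event"]["decision"] = "allow"   # simulate an intruder rewriting a denial
    return {"allowed": out, "denials": denials, "intact_before": intact,
            "intact_after_tamper": log.verify(), "entries": len(log.entries)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design points worth noting. The decision is logged before the function returns or raises, so the trail records failed attempts, which are usually the earliest sign of an intruder probing for what an account can reach. And a hash chain only makes tampering detectable, not impossible: in practice the chain head (or the whole log) would be shipped to a separate system the application cannot write to.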

No business is safe from a determined attacker, but what the OPM consistently failed to do was make suitable efforts to manage the risk of a serious breach. It’s a cautionary tale we would all do well to learn from. One thing’s for certain: the Edward Snowden leaks pale in comparison to the wilful errors that made this breach possible.

Sourced from Bharat Mistry, Trend Micro

Source: http://www.information-age.com/technology/security/123459678/china-joins-mass-data-breach-party-lessons-learn-opm

Will our future Internet be paradise or dystopia?

What we learned from an Atlantic Council event discussing digital trends and possible scenarios for the world’s online future.

What does the perfect Internet look like?

The paradisiacal vision of its future – a scenario Atlantic Council senior fellow Jason Healey calls “Cyber Shangri La” – is one in which the dreams of Silicon Valley come true: New technologies are born and implemented quickly; secure online access is a human right.

There’s also what Mr. Healey, a Passcode columnist, dubs “Clockwork Orange Internet.” In this dystopian future, criminals and nation-states knock down attempts to secure networks and devices; people are afraid of shopping online or communicating freely with friends.

Passcode was the exclusive media partner for an event hosted by the Atlantic Council’s Cyber Statecraft Initiative on Wednesday focusing on alternate realities for the future of the Digital Age. Here are three things we learned from some of the country’s leading thinkers.

In the next four weeks, 100 people will decide the future of the web

While America tucks into Thanksgiving turkey, the world will be taking over the net

On February 8, 2000, the US government signed a contract with the Internet Corporation for Assigned Names and Numbers (ICANN) to run the so-called “IANA functions” – which glue together the internet as we know it.

Ever since that day, people have been trying to end that contract. This time next year, it will finally happen.

Unfortunately, despite having had nearly 14 years to think about it, the process for deciding how to move the global internet and its addressing systems out from under a US government contract will be decided in the next four weeks. By 100 people. Mostly over email.

The Cross Community Working Group to Develop an IANA Stewardship Transition Proposal on Naming Related Functions (CWG), to give it its full title, has until 27 November to complete its deliberations.

The Iranian Cyber Offensive during Operation Protective Edge

INSS Insight No. 598, August 26, 2014
Gabi Siboni , Sami Kronenfeld
Although the IDF’s abilities to handle the rocket and attack tunnel threats have garnered most of the attention during the latest campaign in the Gaza Strip, it is now clear that Israel was also forced to confront cyber challenges during Operation Protective Edge. A senior officer in the C4I Corps noted that in the course of the campaign Iranian elements launched a widespread cyber offensive against Israeli targets, including attempts to damage security and financial networks. While these attempts were neutralized relatively easily and quickly by Israeli cyber defenses, it seems that Iran is investing heavily in the development of effective offensive capabilities against infrastructure systems, and might present a serious challenge to Israeli defenses within the foreseeable future. In 2013, a series of attacks on the websites of major US banks and financial institutions was attributed to Iran. An information security expert described these attacks, which included sophisticated techniques and demonstrated an ability to act in significant scope against high quality targets, as unprecedented in degree and effectiveness.

Attacks on a nation’s financial infrastructures have serious repercussions, liable to result in heavy financial damage as they disrupt the routine financial activity of commercial enterprises and households alike. However, the focus of the cyber offensive during Operation Protective Edge was the civilian internet. Iranian elements participated in what the C4I officer described as an attack unprecedented in its proportions and the quality of its targets. The attack targeted IDF websites such as those of the Home Front Command and the IDF Spokesperson’s Unit, as well as civilian internet infrastructures. The attackers had some success when they managed to spread a false message via the IDF’s official Twitter account saying that the Dimona nuclear reactor had been hit by rocket fire and that there was a risk of a radioactive leak. Some of the attacks against Israel were attributed to the Syrian Electronic Army (SEA), a group of Assad-supporting hackers that in recent years has developed significant attack capabilities and that Michael Hayden, former Director of the CIA and the NSA, has described as a veritable Iranian proxy.

Cyber experts to assess Kenya’s readiness of combating cybercrime

By Chrispinus Omar, NAIROBI (Xinhua) — Cyber security experts from around the world are due to meet in Nairobi next week for an international conference aimed at assessing Kenya’s readiness to combat cybercrime.

The Kenya 2014 Cyber Security Conference will provide an opportunity to review the outcomes from the previous conference, chart a way forward as well as disseminate advancements and trends in the security sector, organizers said on Tuesday in Nairobi.

“We have noted that the trend globally is for a public private partnership approach to solving cybercrime problems,” said William Makatiani, Managing Director of Serianu Limited, a local cyber security consulting and intelligence firm.

Serianu Limited has teamed up with experts from Canada, Singapore, South Africa, India and the United States to organize the conference.

The June 11 conference is a follow-up to the inaugural conference held in 2012, which provided a baseline for the state of cyber security readiness in the country and the region.

Intimidating new Internet fraud reported in AC

A type of malware known as ‘ransomware’

There is a relatively little-known piece of malware going around the Internet posing as an official message from the Department of Homeland Security’s “ICE Cyber Crime Center.”

The ransomware belongs to the Troj/Reveton ransomware family. It displays a lock screen that demands a payment before the user is allowed back into their Windows desktop, applications or files.

Was the Malaysian Plane Hacked? Probably Not

The mysterious vanishing of the Malaysian flight has raised a startling number of rumours and theories of all kinds. While most are at least somewhat feasible, the recent cyber attack theory is closer to science fiction.

By Maty Kishinevsky and Natalie Novitski

Over the last few days a new theory concerning the disappearance of the Malaysian flight popped up: hostile elements managed to take over a cellular phone on the plane, using it to connect to the plane’s avionics and bring the aircraft down. This feat is almost impossible even when the target is a ground vehicle, and when the target is airborne things get even more complicated. The plane itself uses radio to communicate with ground stations, but mobile devices use other means of communication. “There’s a way to control a phone remotely, but the device has to be connected to a network – cellular or internet,” according to Avi Rosen, CEO and co-founder of cellular security developer Kaymera. “If you’re outside cellular reception range, or if you don’t have a stable internet connection on the plane, there’s no way to infiltrate the phone and remotely control it.”