STE WILLIAMS

Lumeta Announces Managed Security Services Partnership With Prolinx

Somerset, NJ – November 26, 2013 – Lumeta Corporation, the leader in network situational awareness, today announced a new managed security services partnership with Prolinx Ltd. The Lumeta product suite will enable Prolinx to give their clients unparalleled network visibility as part of their information security and compliance programs.

Organisations face increasingly sophisticated cyber threats, with rising frequency and impact. Often, they turn to managed security service providers to obtain a comprehensive and flexible monitoring and incident response solution, while reducing operational expenditure (including support, maintenance and training costs).

Prolinx uses a multi-vendor approach to offer its clients best-in-class technologies and to discover, design, implement and manage a secure environment for them. Much of the company's work involves integrating new technologies with existing infrastructures, business processes and operations. Prolinx provides a nationwide capability in the UK.

“Prolinx has years of proven government and military experience. Lumeta’s technology along with Prolinx’s consulting expertise and processes provide the foundational elements of any secure network infrastructure,” said Pat Donnellan, CEO of Lumeta. “We look forward to delivering public and private sector opportunities together.”

Lumeta's network situational awareness product portfolio is included in the Prolinx Cyber Assurance offering, giving it strong foundational discovery and intelligence capabilities for vulnerability management and risk mitigation. Cyber Assurance is a fully managed security service providing discovery, security incident monitoring, response, remediation and reporting, covering all of an organisation's information protection needs. Cyber Assurance protects against data-breach risks from internal or external threats and reinforces protection across the enterprise. The service is intended to ensure early detection of security events and to provide timely and specific alerts, enabling rapid responses to modern threats.

About Lumeta

Lumeta's IPsonar product suite is the most widely deployed real-time network situational awareness solution for large enterprise and government. This patented technology discovers and maps every IP connected device on a network and identifies inbound and outbound leaks, giving executive management a clear, comprehensive assessment of network vulnerabilities, cyber-threat risks and policy violations from network edge to core. IPsonar provides foundational intelligence required to make decisions impacting security, compliance and availability. It delivers an efficient and cost-effective process to streamline network consolidation (M&A) projects, as well as addresses today's security initiatives associated with BYOD, Mobility, Cloud, Outsourcing, SDN, Access Control and Big Data, which increase the complexity of a network and compromise traditional security defenses. IPsonar optimises other network and security product investments with accurate and fact-based network intelligence. Headquartered in Somerset, New Jersey, Lumeta has operations throughout the world. More information is available at www.lumeta.com

Article source: http://www.darkreading.com/management/lumeta-announces-managed-security-servic/240164301

October Spam: Santa, Scams And Sorcery

ABINGDON, England, November 22, 2013 /PRNewswire/ —

October saw spammers exploiting the themes of upcoming holidays, the names of well-known telecommunication service providers and the conflict in Syria, according to Kaspersky Lab's latest spam report [http://www.securelist.com/en/analysis/204792313/Spam_in_October_2013]. A rise of 6.6 percentage points in unsolicited and malicious emails took spam's share of global email traffic to 72.5% for the month.

Trojan fraud remained the most popular malicious program spread via email. This Trojan imitates a phishing HTML page and is distributed via email. It mimics notifications from major commercial banks, online shopping sites and various other online services. Once users land on the site, they are prompted to enter their credentials – which are immediately forwarded to the fraudsters, jeopardising the victims’ confidential information.

Trojan Fareit, a malicious program designed to steal logins and passwords from compromised computers, came second in October’s rating. Bagle climbed back to third place. Like most mail worms, Bagle self-proliferates to addresses in the victim’s address book and can download other malicious programs onto a computer without the user’s knowledge.

According to the report, fraudsters are also increasingly using the names of well-known telecoms companies to spread malicious programs. In September, they used BT Group's name [http://www.securelist.com/en/analysis/204792309/Spam_in_September_2013] to distribute the Trojan downloader Dofoil. In October, they targeted Canada's national telecom operator, Telus Mobility. An attached ZIP archive contained Trojan Zbot, a malicious program designed to steal users' banking information.

The fraudsters use rootkit technologies which allow them to successfully hide their executable files and processes from the system (but not from antivirus programs).

Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab, commented: "In most cases, spam mass mailings with malicious attachments target users' confidential data. The fraudsters are looking for new ways to trick users and are actively expanding their list of high-profile company names for use in scams. Users should be very careful with any email containing executable .exe attachments or ZIP archives. The contents of the email should also be taken into consideration. Whenever you are asked to open an attachment, you should be very careful, and at the very least scan the attachment with the help of an antivirus program."
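The advice above is to treat executable attachments and ZIP archives with suspicion. The following is an added example, not code from the report or from Kaspersky Lab: a small Python filter that parses a mail message and flags bare executables as well as ZIP attachments whose members end in an executable extension (including double extensions such as .pdf.exe, and regardless of the declared MIME type). The sample message, the "Telus Mobility" invoice lure and every name and address in it are constructed here for illustration.

```python
"""Flag risky mail attachments: bare executables and ZIP archives that
contain executables. Added example; the sample message is constructed,
not taken from the Kaspersky report."""
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

# Extensions Windows executes directly when the file is double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}


def _risky_name(name):
    """True if the filename ends in an executable extension, which also
    catches double extensions such as 'invoice.pdf.exe'."""
    lower = name.lower().rstrip()
    return any(lower.endswith(ext) for ext in EXECUTABLE_EXTS)


def zip_members(data):
    """Return member names of a ZIP archive, or [] if the bytes are not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def risky_attachments(raw_message):
    """Parse an RFC 5322 message and return (filename, reason) pairs for
    attachments that should not be opened without scanning."""
    msg = email.message_from_bytes(raw_message, policy=default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if _risky_name(name):
            findings.append((name, "executable attachment"))
            continue
        # Identify ZIP by its magic bytes, not by extension or Content-Type.
        if payload[:2] == b"PK":
            bad = [m for m in zip_members(payload) if _risky_name(m)]
            if bad:
                findings.append((name, "archive contains executable: " + ", ".join(bad)))
    return findings


def build_sample_message():
    """Constructed sample: a telecom-bill lure carrying a ZIP that hides an
    .exe behind a .pdf extension, plus one harmless PDF attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Telus_Mobility_invoice.pdf.exe", b"MZ" + b"\x00" * 16)
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Your mobile bill is ready"
    msg.set_content("Please find your invoice attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample_message()):
        print(f"{name}: {reason}")
```

A mail gateway would run `risky_attachments` on each inbound message and quarantine or strip anything it returns; the check is deliberately cheap and complements, rather than replaces, the antivirus scan the quote recommends.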

In October, Kaspersky Lab also registered spam mailings offering some rather unusual services – love spells and incantations. Fraudsters were less creative when it came to festive spam, with the makers of Santa-shaped USB sticks and similar festive season goods seeming to have run out of ideas – spammers are mostly using the same designs as last year, having changed only the address in the ‘From’ field and added links to newly created redirection sites.

The situation in Syria is being actively exploited by spammers [http://www.securelist.com/en/blog/8137/Nigerian_letters_now_with_a_Syrian_twist] to spread "Nigerian letter" scams. In October, Kaspersky Lab continued to register new examples of fraudulent emails. For example, there was a mass mailing claiming to come from a female member of the "peacekeeping mission" in Syria who was hoping to form a serious relationship with the recipient of the email. On first glance, this seemed an innocent attempt to make friends, but once the scammers gained the victim's confidence, the "pen pal" immediately hit a problem which only a money transfer from their new friend could solve.

In terms of the geographical location of spam, Asia (56.4%) remained the leading regional spam source in October despite a slight drop (-2.4 percentage points) in spammer activity. North America came second after distributing 19% of global spam. Eastern Europe's share went up 3.8 percentage points, averaging 16%, and placing the region third in the rating.

The full version of the spam report for October 2013 is available at securelist.com [http://www.securelist.com/en/analysis/204792313/Spam_in_October_2013].

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 16-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers.

Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at http://www.kaspersky.co.uk.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2012. The rating was published in the IDC report "Worldwide Endpoint Security 2013-2017 Forecast and 2012 Vendor Shares" (IDC #242618, August 2013). The report ranked software vendors according to earnings from sales of endpoint security solutions in 20


Article source: http://www.darkreading.com/vulnerability/october-spam-santa-scams-and-sorcery/240164290

Presidential Council Calls For Feds And ISPs To Step Up In Cybersecurity

An advisory council to President Obama blasted the federal government for failing to lead in cybersecurity best practices and recommended, among other things, a more active role in security by Internet service providers.

In a new, unclassified report to the Obama administration, the President's Council of Advisors on Science and Technology (PCAST) said the federal government must set the tone by fixing its own security processes, and that it should offer incentives for compliance to ensure that private-sector organizations embrace better security practices.

The report follows a classified report on the same topic that PCAST handed President Obama in February. "A key conclusion is that, given the increasingly dynamic nature of cybersecurity threats, it is important to adopt protective processes that continuously couple information about evolving threats to defensive reactions and responses; static protective mechanisms are no longer adequate," PCAST co-chairs John Holdren and Eric Lander wrote in a letter to President Obama with the new report. Holdren is assistant to the President for Science and Technology and director of the Office of Science and Technology Policy, while Lander is president of the Broad Institute of Harvard and MIT.

Members of the council include leaders from academia at Harvard, Princeton, Yale, and other major universities, as well as Eric Schmidt, executive chairman of Google, and Craig Mundie, senior adviser to the CEO at Microsoft. The council issued six findings on the state of cybersecurity in the U.S., each with recommendations for remedying shortcomings.

The first finding was blunt: “The Federal Government rarely follows accepted best practices. It needs to lead by example and accelerate its efforts to make routine cyberattacks more difficult by implementing best practices for its own systems.”

The council recommends that the feds retire within two years "unsupported and insecure operating systems," including Windows XP, and move to new versions of Windows, Linux, and Mac OS, as well as push for "universal adoption of the Trusted Platform Module (TPM) microchip for all systems, including smartphones and tablets." It also calls for the feds to adopt the most secure browsers and to make national identity technology available on a voluntary basis, but mandatory for federal users.

“It’s very much to the point,” says Bill Solms, CEO of Wave Systems, of the new report. “These are immediate changes and things they can do to increase cybersecurity posture.”

If the feds can encourage TPM adoption in the private sector and mandate it among federal agencies, that would have a “near-term impact” on security, Solms says. “But TPM must also be managed and turned on … if you really want to get the benefits of it,” he says of the Trusted Computing Group specification for securely generating cryptographic keys on a platform.

In a nod to the new post-Snowden climate of government mistrust, one of the recommendations is that the feds facilitate, but not necessarily have access to, real-time threat intelligence-sharing among private-sector entities. The finding says this information must be shared more widely in the private sector to thwart attacks, and “in appropriate circumstances and with publicly understood interfaces — between private-sector entities and Government.”

The feds should facilitate these real-time intel-sharing partnerships in the private industry, the council says, but that doesn’t mean the feds will be privy to them: “Data flows among these private-sector entities should not and would not be accessible by the Government. The Government might participate in establishing protocols, or providing technology, for how the data are utilized by the private sector for cyberdefense. The protocols or technology utilized should have sufficient transparency to mitigate legitimate concerns about inappropriate Government access to private data,” according to the council’s recommendation.

And ISPs should take a more aggressive role in deflecting threats in their networks, the council said. “Internet Service Providers are well-positioned to contribute to rapid improvements in cybersecurity through real-time action,” it said. The feds must outline best practices for ISPs here, and the National Institute of Standards and Technology should work with ISPs on voluntary standards for how ISPs alert their customers when their systems are infected and provide them the resources they need to clean them up.

Solms says when ISPs can see a widening botnet threat in their networks, they need to take more aggressive action than many do today. “It’s for the greater good,” he says.

[The White House spells out several proposed incentives on the table for those who adopt the Cyber Security Framework. See White House Proposes Cybersecurity Insurance, Other Incentives For Executive Order.]

The council also recommended that regulated industries should be required to adhere to cybersecurity best practices via “auditable” processes rather than lists, and that the Securities and Exchange Commission (SEC) should require that publicly held companies disclose security risks “that go beyond current materiality tests.”

Industry-driven rather than government-mandated processes for improving security are best, the council says: “For the private sector, Government’s role should be to encourage continuously improving, consensus-based standards and transparent reporting of whether those standards are being met by individual private-sector entities.”

Finally, the report called for future systems and networks to be built to stand up to attacks. “Future architectures will need to start with the premise that each part of a system must be designed to operate in a hostile environment. Research is needed to foster systems with dynamic, real-time defenses to complement hardening approaches,” the council recommends.

The full “Report to the President: Immediate Opportunities for Strengthening the Nation’s Cybersecurity” is available here (PDF).


Article source: http://www.darkreading.com/vulnerability/presidential-council-calls-for-feds-and/240164291

Survey: DDoS Is Hot, Planning Is Not

Distributed denial-of-service (DDoS) attacks continue to plague major corporations today, but half of organizations don’t have a plan or defense against DDoS attacks, a new survey found.

Nearly 45 percent of organizations surveyed by Corero have no DDoS response plan, while some 21 percent don’t have a response team set up in the case of a DDoS attack targeting their networks. Around 60 percent say they don’t have a designated DDoS response team, and 40 percent say they don’t have a point of contact within their organizations when a DDoS hits, according to the survey of some 100 respondents.

"Half of them aren't really doing anything about DDoS. They're just hoping nothing will happen to them, or they [will just be] putting up with the inconvenience it's causing in the meantime," says Ashley Stephenson, CEO of Corero, which will release full data from the survey next month.

Stephenson says he has seen cases where corporations had no idea that their own computing resources were being used in DDoS attacks against them. “A lot of people are not really paying attention to what’s going on, and that’s facilitating the malicious activity going on out there,” he says.

More than 54 percent of the organizations surveyed say they have either an out-of-date network diagram of their infrastructures or no diagram at all. Some 66 percent don’t have statistics on network traffic patterns and traffic volume baselines to help identify when a DDoS is brewing.
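The finding above is that two thirds of respondents have no traffic baselines to tell a brewing DDoS from normal load. As an added example (not Corero's tooling and not survey data), the Python below learns a robust per-minute baseline from a quiet training window, using the median and median absolute deviation so that a single historical spike cannot inflate the threshold, and alerts only on a sustained run of minutes above it, so a one-minute legitimate burst is ignored while an escalating flood is reported. The request-count series is constructed for the example.

```python
"""Spot an emerging volumetric DDoS from per-minute request counts by
comparing each sample with a baseline learned from quiet traffic. Added
example; the traffic series below is constructed, not survey data."""
from statistics import median


def baseline(samples):
    """Robust baseline from a training window: median and median absolute
    deviation (MAD). Unlike mean/stddev, one past spike barely moves them."""
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    return med, mad


def detect_spikes(series, train_len, k=6.0, min_run=3):
    """Return (start, end) minute indexes of runs of at least `min_run`
    consecutive samples above median + k*MAD. The first `train_len` samples
    establish the baseline; a brief one-minute burst is not an alert."""
    med, mad = baseline(series[:train_len])
    threshold = med + k * max(mad, 1.0)  # floor avoids a zero threshold on flat traffic
    alerts, run_start = [], None
    for i, value in enumerate(series):
        if value > threshold:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start >= min_run:
                alerts.append((run_start, i - 1))
            run_start = None
    if run_start is not None and len(series) - run_start >= min_run:
        alerts.append((run_start, len(series) - 1))
    return alerts


# Constructed per-minute request counts: 60 quiet minutes around 1,000 req/min,
# ten more quiet minutes, one short legitimate burst at minute 70, then a
# flood that ramps up from minute 80 onwards.
TRAFFIC = [1000 + (i * 37) % 90 - 45 for i in range(60)]
TRAFFIC += [1010] * 10 + [2600] + [1005] * 9 + [9000, 14000, 25000, 31000, 33000]

if __name__ == "__main__":
    med, mad = baseline(TRAFFIC[:60])
    print(f"baseline median={med} MAD={mad}")
    for start, end in detect_spikes(TRAFFIC, 60):
        print(f"sustained spike: minutes {start}-{end}, peak {max(TRAFFIC[start:end + 1])} req/min")
```

In production the series would come from flow records or load-balancer counters, the training window would be refreshed on a schedule that excludes alerting periods, and the same function can run per source ASN or per URL path to catch attacks that a site-wide total would hide. A pipeline like this is also what lets an organisation notice that its own hosts are sourcing attack traffic, the blind spot Stephenson describes below.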

One of the reasons DDoS attacks have become so popular is that they are relatively inexpensive to pull off. “It’s a cheap resource being used to launch the attacks,” Stephenson says. “And the more we invest in good Internet [technology], the greater power is available for third parties to leverage it and do these attacks … [The attackers] are just cataloging all of these vulnerabilities and exploitable resources and calling on them when necessary to affect the attack.”

Compromised desktop machines traditionally have been the most popular weapons for DDoSing a target, but, increasingly, attackers are deploying servers for more firepower. “That takes fewer bots but much more powerful [ones],” Stephenson says.

A recent report by Dell SecureWorks revealed just how much DDoS-for-hire services cost in the cyberunderground. Those services cost only $3 to $5 per hour and $90 to $100 per day, Dell SecureWorks found. And a weeklong attack goes for $400 to $600.


Article source: http://www.darkreading.com/attacks-breaches/survey-ddos-is-hot-planning-is-not/240164306

SSCC 125 – Happy hour, forward secrecy, $300 extortions and LG unrepentant [PODCAST]

Hackers trot off with RacingPost.com customer records

Racing aficionados, take heed: attackers spent Friday and Saturday kicking over the database at Racingpost.com and have trotted off with customer records.

The site, which is devoted to dogs, horses, and placing bets on the fleetest of either lot, posted a statement saying that attackers kept up a “sophisticated, sustained and aggressive attack” on Friday and Saturday, managing to access a database and make off with the details for an undisclosed number of customers.

Not to worry about credit card numbers, given that the site doesn’t act as a bookie. That means there was no customer credit card information for the crooks to filch, Racing Post says:

Betting through the site with our partner bookmakers has at all times been unaffected as this activity takes place directly with the bookmaker. Racing Post is not involved in the process – we hold no details whatsoever in relation to your betting accounts.

Customer credit and debit card details are not stored on the site and have therefore not been accessed and are not at risk.

Still, there’s plenty left for phishers to chew on, given that the breached data included usernames, first and last names, encrypted passwords, email and customer addresses, and dates of birth.

Fortunately, the breached passwords were encrypted, the company says.

Unfortunately, that reassurance means little on its own: the company didn't say how the passwords were protected, and "encrypted" could mean anything from reversible encryption, where one stolen key unlocks every account, to properly salted, slow hashing.

In fact, Racing Post is advising customers to change their passwords if they use them on other sites, given that it’s a little shaky regarding the strength of that encryption.

From the statement:

Our advice, if in doubt, is to change passwords on other sites as a precaution as we cannot be confident that the hackers will be unable to break the encryption.

If the site's users have repeated passwords between RacingPost.com and other sites, it will be a breeze for attackers to waltz into those other sites when/if they manage to crack the passwords.

In fact, password reuse is such a needlessly generous offering to cyber crooks, Facebook, for one, tries to head off hijackings of customer accounts by proactively running breached data sets against its own users’ login credentials.

If it finds password reuse, Facebook hides accounts from public view until a given user cleans up his/her act.

Would that all sites lavished that type of forethought on password reusers!

Alas, they do not.
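The passage above makes two practical points: "encrypted" passwords are only reassuring if they are salted, slow hashes that cannot be reversed with a stolen key, and a site can check a leaked plaintext list against its own user table, as Facebook is said to do. The Python below is an added example, not Racing Post's or Facebook's code: salted PBKDF2-HMAC-SHA256 storage with constant-time verification, and the same verifier reused to find accounts whose password matches a breach dump from another site. The user table, passwords, leaked list and the `algo$iterations$salt$hash` record format are all constructed for this example.

```python
"""Store passwords as salted, slow hashes rather than reversibly encrypted
values, and reuse the verifier to check a leaked plaintext list against the
user table. Added example; the user table and the 'leaked' list are made up."""
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; raise it as hardware gets faster


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex'. A fresh random
    16-byte salt per user means identical passwords give different records,
    so a cracked hash says nothing about any other account and no key exists
    that would decrypt the whole table at once."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def reused_accounts(user_table, leaked_pairs):
    """Given our user table {username: stored_hash} and (username, plaintext)
    pairs recovered from another site's breach, return the usernames whose
    password on our site matches the leaked one. This is the check the text
    attributes to Facebook; it needs only our own hashes, never our users'
    plaintext passwords, and unknown usernames are simply skipped."""
    hits = []
    for username, leaked_pw in leaked_pairs:
        stored = user_table.get(username)
        if stored is not None and verify_password(leaked_pw, stored):
            hits.append(username)
    return hits


# Constructed user table (iteration count lowered to keep the example quick).
USERS = {
    "alice": hash_password("correct horse battery staple", iterations=10_000),
    "bob": hash_password("Winter2013!", iterations=10_000),
}
# Constructed 'breach dump' from some other site, already cracked to plaintext.
LEAKED = [("alice", "correct horse battery staple"), ("bob", "hunter2"), ("carol", "x")]

if __name__ == "__main__":
    print(reused_accounts(USERS, LEAKED))  # ['alice']
```

Because the work factor is stored with each record, it can be raised over time and old records upgraded on the user's next successful login. The reuse check only works on dumps that are already plaintext; when another site leaks hashes, the realistic option is to crack them first, which is exactly what the attackers will be doing with Racing Post's data.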

But Racing Post, for its part, has taken the precaution of disabling log-in and registration functionality, although it says the site is safe and open, including access to Members’ Club content.

In a letter sent to affected customers, Racing Post said that it’s already overhauled security. It’s also called in the cyber-security big guns to help it to further iron out its wrinkled security profile.

From The Register’s coverage:

Please be assured that we are currently reviewing all of our security measures and will put in place even stronger protection to stop this happening again. Extensive changes have already been made overnight with the assistance of industry-leading cyber-security experts.

OK, sounds promising. Let’s just hope that these experts know how to roll out proper encryption.

Sophos is always ready to lend a hand with that, of course.

Here’s Paul Ducklin’s take on Adobe’s Clydesdale-sized* cryptographic blunder, for starters!

*Sorry for all the horse puns. I know they’re lame. I’m really feeling my oats today.

Image courtesy of Cheryl Ann Quigley / Shutterstock.com

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/99pL2ytOkT8/


Angela Merkel’s phone was being listened in on by FIVE foreign powers


German chancellor Angela Merkel’s mobile was wire-tapped by at least five foreign intelligence agencies, unnamed German security officials have told Focus magazine.

The bugging of the premier's BlackBerry by the US provoked an international diplomatic incident and a promise by the Obama administration to lay off in future. But the phone was also under surveillance by the Russians, Chinese, North Koreans and Britain's GCHQ, according to Focus. The German government has declined requests to comment on the report.

It's unclear whether some strain of mobile malware or over-the-air interception was at play in the apparent hackfest against the German leader's mobile (which now even has its own parody Twitter account). Cloned phones and manipulation of telephone exchanges were used to tap the mobiles of Greek politicians around the time of the Athens Olympics, suggesting one possible communications interception technique.

Berlin, arguably the epicentre of Cold War intrigue, remains a focus point for spies. Quite apart from electronic surveillance, foreign human-intelligence agencies are always busy trying to recruit German politicians, civil servants, military personnel and scientists as agents, with the Russians particularly active in the field. It’s known that a “high-ranking official in the ministry of finance” was secretly working for the British Secret Intelligence Service (aka “MI6”) during the 1990s*, and this individual is unlikely to have been the only such mole.

German intelligence officials reportedly plan to strengthen their counter-surveillance capabilities in response to revelations about NSA spying on Germany's long-time political leader. Both the Russian and UK embassies in Berlin are suspected of running electronic eavesdropping operations. The existence of a GCHQ listening nest at Blighty's Berlin embassy was leaked by Snowden, since when it has become the subject of several picture special stories.

Christopher Soghoian, principal technologist and senior policy analyst at the ACLU, said in a series of updates to his personal Twitter account that the security shortcomings in Merkel’s mobile set-up should have been apparent. The vulnerabilities offer lessons for other political leaders, he added.

“Even if the US stops tapping Merkel’s phone, other countries will continue,” he said. “The solution is encrypted phones for all.”

"If Russia and China are tapping Merkel's calls in Germany, they've gotta be doing the same to politicians in the US. The smartphones that members of Congress use to call, tweet (and in some cases, sext)? They are no more secure than Merkel's," he added (here and here).

Soghoian added that for years German security researchers have “warned about the ease of cell phone interception [but] the German government ignored them”, pointing to research presented at the Chaos Computer Club conference three years ago by Karsten Nohl to support his point.

In related news, a WSJ article on how the Snowden revelations have shaken the NSA notes in passing that the bugging operation against Merkel was done to “fulfil intelligence requests from the State Department”, according to two unnamed officials.

The story also notes that NSA director General Keith Alexander offered to resign shortly after Snowden outed himself as the source of leaks about the agency’s work. However Obama administration officials turned down the offer out of concerns “that letting him leave would wrongly hand Snowden a win”, according to an unnamed former defense official. ®

Bootnote

*The former British spy Richard Tomlinson let this slip in his memoir of life in the SIS, The Big Breach (readily available online). The German mole was apparently codenamed ORCADA and had his own dedicated case officer in the British embassy, who – unusually – was not known to be a spook by the normal diplomats.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/26/merkel_phone_tapped_by_5_countries/

These lucky people get paid to play CYBER WAR GAMES


Some lucky infosec professionals will be taking part in a cyber war game designed to test the readiness of NATO countries to respond to “large scale cyber attacks targeting information infrastructures” in the pretty city of Tartu in Estonia.

Cyber Coalition 2013, a three-day exercise which starts today, will involve staff from NATO headquarters and agencies all over Europe, authorities from 27 member nations as well as partners Finland, Sweden, Austria, and Switzerland.

The exercise will involve around 400 information technology, legal and government experts from across the Alliance and partner nations honing their cyber defence skills in what's billed as one of the biggest Red Team exercises to date.

The exercise is based on a fictitious crisis scenario that tasks participant nations with warding off simulated cyber attacks. The mystery scenario "requires action, coordination and collaboration from cyber defence specialists and management bodies," according to organisers.

“Cyber attacks are a daily reality and they are growing in sophistication and complexity. NATO has to keep pace with this evolving threat and Cyber Coalition 2013 will allow us to fully test our systems and procedures to effectively defend our networks – today and in the future,” said Jamie Shea, deputy assistant secretary general for emerging security challenges at NATO Headquarters, in a statement.

The Estonian National Defence College training centre in Tartu will play host to 100 participants during the exercise, with the remaining 300 cyber warriors participating from the capitals of 32 nations. The European Union and New Zealand have sent observers to monitor the progress of the exercise.

Estonia will provide exercise infrastructure, training facilities and logistical support. The Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence has helped in the preparation of the exercise. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/26/nato_cyber_war_game/

Lessons Learned From 4 Major Data Breaches In 2013

In many respects the breach trends of 2013 have borne out some good news for the security industry. Unlike the past four to five years, this one has not been awash with mega database breaches of tens of millions of records containing personally identifiable information (PII). And, according to statistics compiled by the Privacy Rights Clearinghouse, both the number of breaches publicly reported and the volume of records breached has declined. Last year at this time the running count already totaled approximately 27.8 million records compromised and 637 breaches reported. This year, that tally so far equals about 10.6 million records compromised and 483 breaches reported. It’s a testament to the progress the industry has made in the fundamentals of compliance and security best practices. But the record this year is clearly far from perfect.

When comparing year-to-date numbers, the volume of records breached went down a drastic 61.7 percent, while the number of reported breaches was only reduced by about 24.2 percent. This shows that breaches are still occurring at a fast clip; it's just that the distribution of theft and compromise has spread out. Breaches are smaller, and according to security insiders, they're far more targeted. And frequently the theft is of IP or other digital property that could be even more damaging than customer records when stolen, but which is more difficult to quantify and doesn't make the statistical headlines.

Delving deeper into the specifics of breaches occurring this year, it is evident there’s still work to do. As evidenced by the 2013 track record, valuable databases are still left unprotected and unencrypted, applications are still riddled with vulnerabilities and users are still allowed to download huge quantities of information from sensitive databases and store them on poorly protected endpoints. To plead our case, Dark Reading has cherry-picked a few helpful examples and offered up some valuable lessons the industry can learn from these incidents.

Company Compromised: CorporateCarOnline.com
Breach Stats: 850,000 records stolen
The Details: Personal details, credit card numbers and other PII from some of the biggest American names in professional sports, entertainment, Fortune 500 business and politics were all stolen in this juicy heist of a plain-text archive held by this company, which develops a SaaS database solution for limo services across the country. Some of the big names on the list include Tom Hanks, Sen. Tom Daschle and Donald Trump.

Lessons Learned: A key lesson in how the ingenuity of attackers knows no bounds when the most valuable financial and social-engineering-fueling information is at stake. According to KrebsOnSecurity.com, a quarter of the compromised card numbers were high- or no-limit American Express cards and other information would prove a treasure trove for corporate spies or tabloid media players. Meanwhile the company at hand paid absolutely no regard to the security of the information, without even trying to take the most basic of cryptographic measures to protect it.

[How do you know if you’ve been breached? See Top 15 Indicators of Compromise.]

Company Compromised: Adobe
Breach Stats: Nearly 3 million PII records stolen, over 150 million username/password combos stolen and source code from Adobe Acrobat, ColdFusion, ColdFusion Builder and other unspecified products.
The Details: This is the breach that just keeps unraveling as the hits keep coming more than a month after the compromise was first disclosed. Originally thought to be a compromise of 3 million PII records, it's now clear that Adobe is contending with the loss of a vast trove of login credentials and, more startlingly, its source code.

Lessons Learned: Not only is the still-unfolding Adobe story a good teaching moment for how thoroughly a company can be owned by attackers once they’ve established a foothold in a corporate network, it’s also a lesson on how dependent the entire enterprise ecosystem is on the security of its software supply chain. The potential ramifications could ripple out for a long while yet as a result of this breach.

Company Compromised: U.S. Department Of Energy
Breach Stats: PII stolen for 53,000 former and current DOE employees
The Details: Attackers targeted DOEInfo, the agency’s outdated, publicly-accessible system built on ColdFusion for the office of its CFO. DOE officials say the breach was limited to PII about employees.

Lessons Learned: There were two big lessons here. First, patching always has been and always will be paramount. Second, organizations must think about reducing their attack surfaces by reconsidering which systems connected to sensitive databases should be left open on publicly-facing websites.

Company Compromised: Advocate Medical Group
Breach Stats: 4 million patient records stolen
The Details: The theft of four computers from offices owned by this medical company exposed more than 4 million patient records in what officials are calling the second-largest loss of unsecured health information since notification to the Department of Health and Human Services became mandatory in 2009.

Lessons Learned: Health-care breaches are dominating the 2013 breach disclosure list thus far, but this one in particular is the most egregious. With patient records dating back to the 1990s compromised through a physical computer theft, it is clear that the basics in physical security, endpoint security, encryption and data protection were all deficient here. Endpoint theft and loss come up time and time again in healthcare breaches. It may be time for these organizations to reconsider how much data an endpoint is allowed to download and store from centralized databases.


Article source: http://www.darkreading.com/database/lessons-learned-from-4-major-data-breach/240164264