Search

Brian Pennington

A blog about Cyber Security & Compliance

Tag

epsilon

eCrime Trends Report Q1 2011 – Phishing Up – Rustock Down

Internet Identity (IID) has released their eCrime Trends Report: First Quarter 2011.

The report is a summary of statistics and news items from this year’s first quarter and serves as a useful reminder of how regularly breaches occur and how easy it is to forget about the last big breach.

Every month seems to have another record for the largest breach, Epsilon was usurped by Sony, who will be next? This is why quarterly reviews are so important.

The highlights of the IID report are below:

IT security firms in the cybercrime crosshairs

  • Breach of HBGary Federal reveals vulnerability of the extended enterprise
  • Internal emails exposed information about partners and clients
  • RSA Security breach

Notorious Rustock botnet goes offline

  • Microsoft and law enforcement cooperate in unprecedented action to shut down and confiscate criminal servers
  • Significant reduction in spam noted worldwide

Phishing attacks

  • National banks saw increase of 11% over Q4 2010
  • Banks outside the U.S. increased most dramatically
  • Recent database breaches could lead to increased spear phishing in the coming quarter
  • Compared to Q4 2010, Phish targeting larger, national banks increased 11%. Much of the growth was seen in non-US based banks, which took three of the top five spots among banks
  • Phishing in Q1 2011 grew 12% over Q1 2010.

Parts of the Internet went dark in Q1 for a variety of reasons

  • Egyptian ISPs ordered to shut down following Internet-led protests
  • Mooo.com seizure by DHS temporarily suspended 80,000 subdomains
  • Rabobank blackholed its own DNS records in an attempt to combat DDoS attack

“As we’ve seen with recent attacks against Sony’s PlayStation Network and Epsilon, cyber criminals now have inside information about tens of millions of customers to use in highly targeted phishing campaigns,” said IID President and CTO Rod Rasmussen.

“The worry is that with all of this specific data, cyber criminals have all they need to convince people to share their highly valuable personal information. Organizations must ensure they are taking every measure to stop these attacks, including blocking access to phishing sites and command and control domains for malware that exfiltrates data. This should be done with e-mail filtering, firewalls and secure domain name system resolvers.” 

Read the full report here.

.

Identity Theft Resource Center found that hacking accounted for the largest number of breaches in 2011 year-to-date

The Identity Theft Resource Center® has found that hacking accounted for the largest number of breaches in 2011 year-to-date.

Almost 37% of breaches between January 1st and April 5th were due to malicious attacks on computer systems. This is more than double the amount of targeted attacks reflected in the 2010 ITRC Breach List (17.1%).

ITRC point out that their findings do not include the large Epsilon Email Breach as the full findings were are to be disclosed and the effects seen. The findings will not include the massive Sony Playstation Network breach as this was after the report.

Anecdotally the ITRC in their press release also refer to other pieces of research

  • Symantec Internet Security Threat Report. This report discloses that over 286 million new threats were identified during 2010. Additionally, the Symantec report said they witnessed more frequent and sophisticated targeted attacks in 2010.
  • McAfee found that the most significant threat to businesses was data leaked accidentally or intentionally by employees.

ITRC views employee breaches as two different types of breaches.

1. Accidental breaches are those that happen by employee mistakes, and while they cause harm, the people who made a mistake never intended to injure the company.

2. The insider who intentionally steals or allows others access to personal information is considered a malicious attacker.

“At first it may be difficult to know if a hacking was perpetrated by an insider or outsider,” says Linda Foley, founder of the ITRC and data breach report manager. “ITRC does not have access to the Secret Service’s forensic information has so we can only report on situations when information is released.   As of April 5, 11.6% of 2011 breaches with known forms of leakage were insider theft.  When these events are added to known hacking attacks, ITRC’s breach database report indicates that 48.2% of published breaches are some form of targeted attack.

Businesses are taking the brunt of hacking attacks, according to published reports of breaches. 

  • 53.6% of all breaches on the ITRC report were business related. 
  • The other categories, “Banking/Credit/Financial,” “Educational,” “Government/Military and Medical/Healthcare all dropped in their respective percentage of reported breaches.

Other ITRC finding include:

  • Nearly half of breached entities did not publicly report the number of potentially exposed records
  • Several medical breaches ranging up to 1.9 million records caused a spike in the total records for the health services field.

ITRC was unable to draw any long term conclusions from these initial findings.

For further details of the ITRC visit.

.

Epsilon admits to a data breach that could affect millions

On the 1st April 2011 Epsilon reported on their website “On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.”

Whilst there is no immediate financial risk to those individuals who have had their name and email address stolen there is the risk of their information being used for Spam and phishing attacks.

Epsilon is one of the world’s largest “provider of multi-channel marketing services” and claims to have 2,500 clients, including 7 of the Fortune 10. These clients in the words of Epsilon “trust Epsilon to build and host their customer databases”.

It is believed that Best Buy, TiVo, Walgreens, Capital One, JP Morgan, Citigroup and Kroger are among the 2,500 clients of Epsilon who are likely to have been affected.

It is expected that Epsilon’s clients will issue warnings about the lose of data. This in itself will be part of the problem, because as businesses seek to protect their reputations they will become spammers by sending unwanted emails.

The there is the potential for the hackers to introduce phishing attacks disguised as the legitimate business trying to protect their brand, for example, “sorry we lost your information, can you please update your details here…”

Epsilon’s press release is here.

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: