Deloitte breached by hackers for months

On September 25, 2017, Deloitte announced that they detected a breach of the firm’s global email server via a poorly secured admin email in March of this year. We go over the breach and provide suggestions for Deloitte's cybersecurity clients. Categories: Business Security world Tags: breachcybersecuritydata breachdeloittehackedhackers (Read more...) The post Deloitte breached by hackers for months appeared first on Malwarebytes Labs.
Read more

Hacker Hat-trick at TalkTalk

For the third time this year the UK broadband provider TalkTalk have seen their online defenses fall to cyber attackers.While the company has been quick to notify their customers of the breach (it was observed on Wednesday this week and reported the following day) and are currently working with law enforcement, details are still relatively sparse. Given the very short period between detection of the attack and public notification, it is unlikely any significant cyber forensics exercise has been conducted… so it’ll likely take those tasked with the investigation a couple of weeks to get a solid understanding of the scope of the breach and what was likely touched or stolen by the attackers.Regardless, the stories currently being published as to the nature of the breach and what has actually been stolen are confusing and the details often contradictory (see Business Insider, The Telegraph, BBC, and AOL). It would appear that the names, addresses, dates of birth, email addresses, telephone numbers, TalkTalk account information, and credit card and/or bank details of some 4,000,000 subscribers may have been stolen and that the data may not have been (completely?) encrypted… or maybe the encryption keys were...
Read more

Experian Breached; T-Mobile Customer’s Loss

The last couple of days has seen yet another breach disclosure - this time it's Experian, and the primary victims are 15m T-Mobile customers in the US. It was interesting to note T-Mobile's CEO, John Legere, publicly responding to the breach and the effect on his customers. He's angry, and rightfully so. I'm sure there are a bunch of other credit bureaus now lining up to secure new business.Some personal thoughts on the breach and it's effects:As is so often the trend now, professional hackers and cybercriminals are investing in the long game – stealthily taking control of a network and the data it contains over weeks, months and even years. Instead of opportunistic zero-day exploitation against lists of potential vulnerable targets, hackers carefully probe, infiltrate, and remove evidence of compromise against specific targets. Their end game is perpetual access to the target. The difference is as stark as killing the cow for today’s BBQ, or silently milking it for years.While many organizations now employ encryption and cryptographic techniques to protect personal customer data. Many of the techniques employed are dated and focus predominantly on a mix of data-at-rest protection...
Read more