Krebs points out the potential initial culprit in gaining credentials to access the CareFirst network and data may have been similar to the Doppelgänger attacks Proficio discussed in our April 23, 2015 blog on ‘Wire Transfer Scams on the Rise’. Wiki describes a Doppelgänger as ‘a double or evil twin… in some traditions (portrayed) as a harbinger of bad luck’. In the security community a Doppelgänger domain impersonating another domain name to trick or re-direct user’s to go to the site and enter private information or download malware. An example of a Doppelgänger for CareFirst[dot]com would be registered as CareFiirst[dot]com.
As with any Breach we read about these days, it merely starts with a single malicious event considered an incident that compromises a network perimeter or device and then propagates through a series of further malicious events inside an organization through what we call a Kill Chain of incidents. An ultimate Breach, typically a loss or exfiltration of data, almost always is predicated by a series of these incidents to gain higher level credentialed access and data gathering. The test of a great security program is to be able to correlate these incidents together to discover a pattern in the Kill Chain and block the next step before a breach occurs. When you see announcements of breaches where the attacker has been inside the network propagating for some time, it usually means an organization needs to re-evaluate and adjust the Security Operations Center threat detection program or call on a SOC-as-a-Service organization as a long term partner.
By Brad Taylor, CEO of Proficio
About Proficio
Proficio is a leading Managed Security Service Provider (MSSP) changing the way organizations meet their IT security and compliance goals. It provides the most advanced cloud-based solutions and advanced expertise, insight, experience and unrelenting passion, monitoring and scanning critical assets to defend enterprise networks and applications from cyber attacks and protect compliance. Its founders have helped build and bring to market many of today’s acknowledged best-in-class security tools. Proficio partners with leading organizations such as HP ArcSight, Qualys, Palo Alto Networks, and NRI Security.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.