New expert comments on the latest breach news
Reuters reported that Japan’s Pension Service staff computers were improperly accessed by an external email virus, leading to the leak of some 1.25 million cases of personal data. Security experts from Lieberman Software, Proficio and Securonix commented on this news :
Philip Lieberman, President, Lieberman Software (www.liebsoft.com) :
“The APAC region and Japan in particular has been a region that is resistive to the adoption of modern security technologies. The breach at Sony is typical of a culture that does not recognize the risks they are taking in world of Internet connected systems. As a company we see the APAC region as an especially attractive region for criminals to exploit based on their wealth as well as lack of security.”
John Humphreys, CMO and co-founder, Proficio (www.proficio.com) :
“This attack and the recent IRS data breach make it clear that government systems are increasingly at risk of being targeted by cyber criminals that want to steal and monetize personal identity data. Agencies collecting and storing PII should review their security systems and controls to address this threat.”
Igor Baikalov, chief scientist, Securonix (www.securonix.com) :
“It surely seems like a round of anniversary breaches: Heartland celebrated its seventh anniversary of the worst breach in the history of the connected world back in 2008, when 130 million credit and debit cards were compromised, with the announcement of a new incident that involves payroll information, including bank account details. Japan Pension Service celebrates its eighth anniversary of the pension-records scandal that cost Primer Minister Abe an election in 2007 with the announcement of computer breach that exposed some 1.25 million cases of personal information.
In both cases, past failures didn’t seem to improve future security in either organization. Download of infected email, execution of the malicious attachment, account compromise, remote access, and subsequent data exfiltration are the most likely steps in the pension system hack that were either not detected or not connected together into the kill chain of the attack. Apparently, both anti-virus control and data loss prevention (DLP) failed in this scenario, and there were no user behavior analytics (UBA) or anomaly detection engine employed that could detect account misuse and suspicious data movement. As in the Heartland scenario, sensitive data was not encrypted and can inflict substantial damage if used for identity theft or financial fraud.
