Researchers at InfoArmor published the new findings this morning, based on extensive analysis of collected threat intelligence from various dark web sources conducted to clarify the motivation and attribution of the key threat actors. The data theft of the Yahoo customer database may be the key in several targeted attacks against US Government personnel, which resulted after the breach of account information on affected high-level officials in the intelligence community, which occurred in October 2015.
Jonathan Sander, Vice President of Product Strategy at Lieberman Software:
“The fact that the suspects in the Yahoo breach are both nation states and criminals shows the rising sophistication and power of organized crime in the cyber landscape.
To crack one of the largest names on the Internet would take massive resources – even if the exploit was simple the research to uncover and take advantage of it would be significant.
For most security experts, that points right to a state level actor, but the criminals are getting so sophisticated so fast it’s hard to be sure. The other thing that may be at play is the shadowy nature of cybercrime. It’s easy to see people slipping from state level groups to the organized crime side – and back. Could it be that a state actor contracted a criminal organization to do the job? Who knows.”
John Gunn, Vice President at VASCO Data Security:
“No one should make the mistake of assuming that criminal hacking organizations are not coordinating their efforts with state-run hacking teams before an attack or sharing their stolen data after a breach.
Whether the attack was state sponsored or a criminal group, the results are the same, and the increased risk to half a billion people is the same, and the need for the online world to finally move away from passwords is the same. Now that mobile phones are enabling hassle-free multifactor authentication, the move away from passwords will accelerate.”
Mark Wilson, Director of Product Management at STEALTHbits Technologies:
“Criminal hackers make far more sense than state sponsored in the case of the Yahoo breach. State sponsored would suggest either a show of power or an attempt at disruption of service. Whereas a criminal act backs up the fact that personal data is valuable.
Hack Joe Public’s Yahoo credentials and you likely have the password to most of their online personas. Gain access to Joe Public’s mailbox and you will find a complete picture of their interests, financial history, social life and a smorgasbord of other useful information. All of which can be used to socially engineer fake online personas, credit applications and probable responses to any question and answer profiles. I’m sure we’ll be hearing about the fallout of this epic scale hack for years to come.”
Brad Bussie, CISSP, Director of Product Management at STEALTHbits Technologies:
It appears we are in the middle of a new offensive targeting our government and military.
Cyberattacks against large targets have traditionally been set, forget, and react on compromise. Look at ransomware for instance. This technique blasts out at much virulent content as possible and waits for the infected to start looking for a cure.
What we seem to be looking at with the Yahoo breach is different. It appears that the cybercriminal (nation state or otherwise) is beginning to play the long game. If a compromise back in 2014 is being linked to espionage in 2015 and now in 2016, we have a serious problem.
The problem is simple; passwords are no longer an effective means of protecting credentials and data. It is going to take a significant overhaul to fix the password issue. The industry has been buzzing about how to fix the password equation for several years so I won’t rehash it here.
What does need to be considered is, when is enough going to be enough? 500 million accounts seems like a good place to draw a line in the sand and effect some real change.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.