Following the scandal about Yahoo post-breach, Matt Walker, VP Northern Europe at HEAT Software commented below.

Matt Walker, VP Northern Europe at HEAT Software:

matt-walker“Thus far Yahoo! has disclosed very little information which I find disappointing. There are a number of key questions which its users deserve to have answered. When did it first discover it had been attacked? What is their evidence to suggest it is state sponsored? And can they be certain they’ve closed off the original vulnerabilities that allowed the attackers inside the network in the first place?

In the absence of any concrete information from the affected company it’s likely the method of attack will closely mirror that of previous large scale data breaches. If so, they would first have looked to deliver malware inside Yahoo’s system, most probably by exploiting an existing software vulnerability for which a remediation was already available. A combination of automated patch management and intelligent whitelisting is an effective protection against this as it vastly reduces the potential access points for attackers and ensures that even if malware is successfully delivered it simply isn’t allowed to run.

Once inside the system the attackers would then take action to hide its presence and to make a connection with the attackers so that they could begin to probe deeper into the network to see what was available. In this case it appears the attack concluded once the details of 500 million users had been copied and transferred.”

Information Security Buzz