Following the scandal surrounding the Yahoo breach, Matt Walker, VP Northern Europe at HEAT Software, commented below.
Matt Walker, VP Northern Europe at HEAT Software:
“In the absence of any concrete information from the affected company, it’s likely the method of attack will closely mirror that of previous large-scale data breaches. If so, they would first have looked to deliver malware inside Yahoo’s system, most probably by exploiting an existing software vulnerability for which a remediation was already available. A combination of automated patch management and intelligent whitelisting is an effective protection against this, as it vastly reduces the potential access points for attackers and ensures that even if malware is successfully delivered, it simply isn’t allowed to run.
“Once inside the system, the attackers would then take action to hide its presence and to make a connection with the attackers so that they could begin to probe deeper into the network to see what was available. In this case, it appears the attack concluded once the details of 500 million users had been copied and transferred.”