This week was full of BIG stories in the security and risk management space. Below is a summary of some of the news and blog posts you may have missed.
Perhaps the biggest story of the week: security journalist Brian Krebs broke the news on his blog that several data brokerage firms had been breached by an ID theft group. The firms affected included LexisNexis, Dun & Bradstreet and Kroll Background America. He reports that their networks had been compromised by a "small but very potent botnet" allowing the hackers to control the machines remotely, and that the access had gone undetected for at least the past 5 months.
"The intrusions raise major questions about how these compromises may have aided identity thieves. The prevailing wisdom suggests that the attackers were going after these firms for the massive amounts of consumer and business data that they hold. While those data stores are certainly substantial, fraud experts say the really valuable stuff is in the data that these firms hold about consumer and business habits and practices."
Read part one of the story here and stay tuned for updates!
On October 1, the public health insurance exchanges associated with Obamacare are set to launch, allowing Americans to start registering for access to new affordable health care options. This week, the government agency responsible for developing these systems announced that they are ready for use and that all testing was completed. However, concerns about the security of the hub have been raised due to several factors, including how quickly the testing was completed (it was finished in 10 days, as opposed to the 51 initially estimated). The hub accesses personal records from seven different agencies, including the IRS, the Veterans Health Administration, and the DOD.
"Government Executive magazine ran a story this week that reported that “due to limited means, Health and Human Services Department internal watchdogs do not intend to examine key security designs they did not have a chance to assess during [their] recent audit.”"
Read the full story at IEEE Spectrum.
A story published on DarkReading highlighted research by a German email security provider, Eleven, into the exploitation of breaking news stories by cyber-criminals.
Prior to the Syria-related example, the average start time for a virus attack was already decreasing. In March 2013, when the new Pope was elected, the first malware and phishing attacks began after 55 hours. In April 2013, after the Boston Marathon bombing, it took 27 hours to see the first related attacks exploiting interest in the event. Further examples include the newborn royal baby and news about the NSA whistleblower Edward Snowden. But examples such as the recent Syria-related campaign in September show that spammers are not waiting around - they are becoming even "faster" than the events themselves.
Read more about the Eleven team's research here.
A Kaspersky Lab Security Expert, David Jacoby, posed an interesting question on the SecureList blog this week, "Do we really need to focus on future threats when we are still vulnerable to attacks that have been discussed for over 20 years?" In the post, he examined research that shows attackers are not always using the most sophisticated techniques to breach our networks, raising concerns about the effectiveness of current security and risk management policies.
"...the statistics show that we are quite good at protecting ourselves against vulnerabilities which are new, but strangely enough we have a tendency to forget about older vulnerabilities. Some systems are still vulnerable to vulnerabilities older than 10 years."
Click here to read more about Jacoby's research.