Lessons Learned From The Target Cyber Attack And What To Do To Avoid A Similar Situation – Chuck Leaver

By Chuck Leaver CEO Ziften


After Target was breached, it took the company several months to recover and be given a clean bill of health.

Continuous Recovery Effort And Reports Of Financial Loss

Target's data breach was a major story. Like all major news, national coverage of it faded into the background, but for the retailer it remained a serious concern. The store lowered its revenue projections for 2014 once again, which suggests that the business had underestimated the impact of the attack it suffered, according to CNN Money.

The reduction in profits was considerable: the company reported 62% lower profits. On top of this, it paid out $111 million as a direct result of the breach in the second fiscal quarter. All of this adds up to a business that was once robust now looking like a shadow of its former self because of a cyber attack.

As the fallout continued, the scale of the cyber attack began to emerge. Data for around 110 million individuals was compromised, and 40 million of those individuals had payment card data stolen. As news of the breach spread, the business made some major changes, including stricter cyber security measures and the replacement of the system administrator. Long-standing CEO Gregg Steinhafel also resigned. However, this is not considered enough to offset the effect of the attack. According to Brian Sozzi of Belus Capital, Target's stakeholders are absorbing the negative results of the attack as much as the company itself.

In an e-mail to CNN Money, Sozzi said: “Target just dropped an epic full year earnings warning onto the heads of its remaining investors.” “Target has offered financiers NO reason to be encouraged that a global turn-around is secretly emerging.”

Target Provides A Lesson For All Organizations About Improved Pre-emptive Steps


No matter how quickly a company responds to a cyber attack, there is no guarantee that recovery will be any faster. The bottom line is that a data breach is bad news for any company, whatever you call it and however you try to fix it. Prevention is the best way forward, and you need to take steps to make sure an attack does not happen to your organization in the first place. Endpoint threat detection systems can play a significant role in maintaining strong defenses for any company that chooses to implement them.


Chuck Leaver – Russian Hackers Stole Billions Of Credentials So Protect Your Organization With Continuous Endpoint Monitoring

Chuck Leaver Ziften CEO


An American cyber security company believes it has discovered the largest known cyber attack in the history of data breaches. The company believes that a group of Russian cyber criminals it had been investigating for several months is responsible for stealing billions of passwords and other sensitive personal data. The Russian group is said to have stolen 4.5 billion credentials; many were duplicates, so the end result was 1.2 billion unique data profiles stolen. The group took the information from 420,000 sites of all sizes, from large brand-name sites to small mom-and-pop stores.

The New York Times stated that the group consisted of about 12 individuals. Starting with small-scale spamming in 2011, they acquired the majority of the data by buying stolen databases.

In an interview with PCMag, Alex Holden, the founder of the company that discovered the breach, said the gang “began by simply buying the databases that were offered online.” The group used to buy at fire sales and were described as “bottom feeders”. As time progressed, they began purchasing higher quality databases. “It’s kind of like graduating from stealing bicycles to stealing pricey cars.”

A Progression From Spamming To Using Botnets


The criminal group then changed its approach. It employed botnets to gather stolen data on a much bigger scale. Using the botnets, the group was able to automate the process of identifying vulnerable websites, which allowed it to work 24/7. Whenever an infected user visited a website, the bot would automatically check whether the site was vulnerable to SQL injection. With these injections, a commonly used hacking technique, the site's database could be made to reveal its contents by entering a simple query. The botnets flagged the vulnerable websites and the hackers returned later to extract the data from them. The use of the bot was the ultimate downfall of the group, as it is how the security company detected them.

The security company believes that the billions of records were not stolen all at once, and that most of them were most likely purchased from other cyber criminals. According to the Times, very few of the stolen records have actually been offered for sale online; instead, the hacking group has chosen to use the information to send spam messages on social networks on behalf of other groups, for payment. Various cyber security experts assert that the magnitude of this breach is part of a trend of cyber criminals stockpiling large numbers of personal profiles over time and saving them for future use, according to the Wall Street Journal.

Avivah Litan, security analyst at the research firm Gartner, said: “businesses that count on user names and passwords have to develop a sense of urgency about altering this.” “Until they do, criminals will simply keep stockpiling people’s credentials.”

Attacks and breaches on this scale highlight the need for companies to protect themselves with the latest cyber security defenses. Endpoint threat detection and response systems help organizations build a clearer picture of the threats facing their networks and receive actionable information on how best to prevent attacks. Today, with large data breaches becoming ever more frequent, continuous endpoint visibility is essential to the security of an organization. If the company's network is continuously monitored, threats can be identified in real time, which reduces the damage a data breach can inflict on a company's reputation and bottom line.


Learn Why The Ziften And Splunk Active Response Framework Will Provide You With Major Benefits – Chuck Leaver

Written By Chuck Leaver CEO Ziften


We sponsored a terrific Splunk.conf2014 program in Las Vegas, and we returned energized and raring to push our solution here at Ziften even further forward. One talk of particular interest was given by Jose Hernandez, Security Solutions Architect at Splunk, titled “Using Splunk to Automatically Alleviate Risks”. If you wish to see his slides and a recording of the presentation, please go to http://conf.splunk.com/sessions/2014

Using Splunk to help with mitigation, or “Active Response” as I prefer to call it, is a very good idea. Having all of your intelligence data streaming into Splunk is powerful, whether it is endpoint data, external threat feeds or anything else, and being able to act on that data is what really closes the loop. At Ziften we have our continuous monitoring solution on the endpoint, and being paired with Splunk is something we are truly proud of. Coupling real-time data analysis with the ability to respond and take action against events is a strong move in the right direction.

Ziften has developed a mitigation action that uses the Active Response code Splunk provides; a demo video is included in this blog below. As a proof of concept, we created a mitigation action within our Ziften App for Splunk. Once the action has run, its results can be observed and tracked within Splunk ES (Enterprise Security). This is a major addition: users can now monitor and track mitigations within Splunk ES, which gives you the significant advantage of closing the loop and building a history of your actions.

We are thrilled that Splunk is driving such an effort. It is likely to progress, and we are committed to continuing to support it and develop it further. This is an exciting time in the Endpoint Detection and Response space, and in my view the addition of the Active Response Framework built into Splunk will generate a high degree of interest.

For any questions regarding the Ziften App for Splunk, please send an email to sales@ziften.com.