Experian Must Learn From Past Errors And Use Continuous Monitoring – Chuck Leaver

Written By Josh Applebaum And Presented By Charles Leaver Ziften CEO


Experian Has To Learn From Past Errors And Implement A Continuous Monitoring Solution


Operating in the security industry, I have always felt my job was hard to explain to the average person. Over the last couple of years, that has changed. Regrettably, we are seeing a new data breach revealed every couple of weeks, with many more that are kept secret. These breaches are getting front page attention, and I can now explain to my friends exactly what I do without losing them after a couple of sentences. However, I still question what it is we’re learning from all this. As it turns out, numerous businesses are not learning from their own mistakes.

Experian, the worldwide credit reporting company, is a business with a lot to learn. A number of months ago Experian revealed it had discovered its servers had been breached and that consumer data had been stolen. When Experian announced the breach it reassured clients that “our consumer credit database was not accessed in this breach, and no payment card or banking information was acquired.” Although Experian took the effort in its announcement to assure customers that their financial details had not been taken, it went on to list what data in fact was taken: consumers’ names, addresses, Social Security numbers, dates of birth, driver’s license numbers, military ID numbers, passport numbers, and additional details used in T-Mobile’s own credit evaluation. This is scary for two reasons: the first is the kind of data that was stolen; the second is the fact that this isn’t the first time this has happened to Experian.

Although the hackers didn’t leave with “payment card or banking info,” they did walk away with personal data that could be exploited to open new credit card, banking, and other financial accounts. This in itself is a reason the affected T-Mobile consumers ought to be nervous. However, all Experian consumers should be a little nervous.

As it turns out, this isn’t the first time the Experian servers have been compromised by hackers. In early 2014, T-Mobile revealed that a “relatively small” number of its consumers had their personal info taken when Experian’s servers were breached. Brian Krebs has a very well-written blog post about how the hackers breached the Experian servers the first time, so we won’t go into excessive detail here. In the first breach of Experian’s servers, hackers exploited a vulnerability in the organization’s support ticket system, which was left exposed without requiring a user to authenticate before using it. Now to the frightening part: although it became widely known that the attackers used a vulnerability in the company’s support ticket system to gain access, it wasn’t until shortly after the second breach that the support ticket system was shut down.

It would be hard to believe that it was a coincidence that Experian decided to take down its support ticket system just weeks after announcing it had been breached. If this wasn’t a coincidence, then let’s ask: what did Experian learn from the first breach, where attackers got away with sensitive client data? Businesses that store their clients’ sensitive details need to be held accountable not only for protecting their clients’ data, but also for making sure that, if breached, they patch the holes found while investigating the attack.

When businesses are investigating a breach (or potential breach) it is crucial that they have access to historical data so those investigating can piece back together the puzzle of how the attack unfolded. At Ziften, we provide a solution that gives our customers a continuous, real-time view of everything that takes place in their environment. In addition to offering real-time visibility for identifying attacks as they happen, our continuous monitoring system records all historical data to allow customers to “rewind the tape” and piece together what happened in their environment, regardless of how far back they need to look. With this visibility, it is possible not just to learn that a breach happened, but also to learn why it happened, and ideally to learn from previous errors to keep them from happening again.

UCLA Health Data Breach Proves That The Same Thing Is Happening Over And Over – Chuck Leaver

Written By Craig Hand And Presented By Ziften CEO Chuck Leaver


UCLA Health Data Breach Likely Due To Inferior Security

UCLA Health revealed on July 17th 2015 that it was the victim of a health data breach impacting as many as 4.5 million healthcare clients from the 4 hospitals it runs in the Southern California area. As stated by UCLA Health officials, Personally Identifiable Information (PII) and Protected Health Information (PHI) was accessed, but no proof yet suggests that the data was taken. This data went as far back as 1990. The officials also stated that there was no proof, at this time, that any credit card or financial data was accessed.

“At this time” is the key phrase here. The info accessed (or potentially taken; it’s impossible to know at this point) is useful for the life of that individual and potentially still useful after that person’s death. The information available to the criminals included: names, addresses, phone numbers, Social Security numbers, medical conditions, medications prescribed, medical procedures carried out, and test results.

Little is known about this attack, like so many others we learn of but never hear any real details about. UCLA Health found unusual activity in segments of its network in October of 2014 (although access possibly started one month earlier), and immediately called the FBI. Finally, by May 2015 – a full 7 months later – investigators stated that a data breach had occurred. Again, officials claim that the attackers are most likely highly advanced, and not in the USA. Finally, we the public get to hear about the breach a full 2 months later, on July 17, 2015.

It’s been stated so many times before that we as security specialists need to be correct 100% of the time, while the cyber criminals just need to find that 1% that we might not be able to remedy. Based on our research about the breach, the bottom line is that UCLA Health had inferior security practices. One reason is the basic fact that the data accessed was not encrypted. We have had HIPAA for some time now, and UCLA is a renowned bastion of higher education, yet it still failed to protect data in the simplest ways. The claim that these were extremely advanced individuals is also suspicious, as so far no real proof has been produced. After all, when is the last time a company that has been breached claimed it wasn’t from a “sophisticated” attack? Even if they claim they have such evidence, as members of the general public we will not get to see it in order to verify it properly.

Since there isn’t enough disclosed information about the breach, it’s difficult to determine whether any solution would have helped discover the breach sooner rather than later. However, if the breach began with malware being delivered to and executed by a UCLA Health network user, the probability that Ziften could have helped discover the malware and potentially stop it would have been reasonably high. Ziften could also have alerted on suspicious, unknown, or known malware, in addition to any communications the malware made in order to spread internally or to exfiltrate data to an external host.

When are we going to learn? As we all understand, it’s not a matter of if, but when, organizations will be attacked. Smart organizations are preparing for the inevitable with detection and response solutions that mitigate damage.


With Ziften Endpoint Security Adult Friend Finder Data Leak Could Have Been Prevented – Chuck Leaver

Written By Chuck McAuley And Presented By Chuck Leaver Ziften CEO


Endpoint Security Is The Best Friend For Adult Friend Finder

Adult Friend Finder, an online “dating service,” and its affiliates were hacked in April. The breached info included credit card numbers, usernames, passwords, birth dates, address details and personal – you know – preferences. What’s often not highlighted in these cases is the financial worth of such a breach. Many would argue that having an email address and the associated data is of little worth. Nevertheless, much the same way metadata collection offers insight to the NSA, this kind of information supplies attackers with plenty of leverage that can be used against the general public. Spear phishing becomes a lot easier when hackers have not just an e-mail address, but also location, language, and race. The source IP addresses collected can even offer exact street locations for attacks.

The attack methodology used in this case was not disclosed, but it would be reasonable to assume that it leveraged some form of SQL injection attack or similar, where the info is extracted from the back-end database through a flaw in the web server. Another possible methodology might have been hijacking SSH keys from a compromised admin account or GitHub, but those tend to be secondary most of the time. In any case, the database dump itself is 570 Mb, and assuming the data was exfiltrated in a couple of large transactions, it would have been very obvious at the network level. That is, if Adult Friend Finder had been using a service that offered visibility into network traffic.

Ziften ZFlow™ provides network visibility into the cloud to capture abnormal data transfers and attribute them to the specific executing processes. In this case, the administrator would have had two chances to observe the anomaly: 1) at the database level, as the data was extracted; 2) at the web server level, where an abnormal quantity of traffic would be sent to a specific address. Organizations like Adult Friend Finder should acquire the endpoint and network visibility needed to safeguard their clients’ personal data and “hook up” with a company like Ziften.
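As an added example (not Ziften’s code or ZFlow), here is a defender-side sketch of the two observation points described above: outbound bytes are summed per sending process and destination, so a dump split into a couple of transfers still adds up, and any pair that exceeds that process’s historical baseline is flagged. The flow records and baselines are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: historical per-destination byte totals per sending
# process, one value per hour of normal operation (hypothetical numbers).
BASELINE = {
    "httpd": [2_100_000, 1_900_000, 2_400_000, 2_000_000, 2_200_000],
    "mysqld": [800_000, 950_000, 700_000, 900_000, 850_000],
}

# Constructed flow records for the current hour: (process, dst_ip, bytes_out).
# The two httpd transfers to 198.51.100.23 add up to the 570 Mb dump size.
FLOWS = [
    ("httpd", "203.0.113.7", 1_200_000),
    ("httpd", "203.0.113.9", 900_000),
    ("httpd", "198.51.100.23", 300_000_000),   # first chunk to one address
    ("httpd", "198.51.100.23", 270_000_000),   # second chunk, same address
    ("mysqld", "10.0.0.5", 820_000),
    ("mysqld", "10.0.0.5", 240_000_000),       # database level: unusual pull
]


def totals_by_process_and_dst(flows):
    """Sum outbound bytes per (process, destination) so split transfers add up."""
    totals = defaultdict(int)
    for proc, dst, nbytes in flows:
        totals[(proc, dst)] += nbytes
    return dict(totals)


def anomalous_transfers(flows, baseline, sigma=3.0):
    """Return (process, dst, bytes) pairs whose volume exceeds the process's
    historical mean by more than `sigma` standard deviations, largest first.
    A process with no baseline at all is flagged outright: an unknown sender
    moving data out is itself worth a look."""
    hits = []
    for (proc, dst), total in totals_by_process_and_dst(flows).items():
        history = baseline.get(proc)
        if not history:
            hits.append((proc, dst, total))
            continue
        threshold = mean(history) + sigma * pstdev(history)
        if total > threshold:
            hits.append((proc, dst, total))
    return sorted(hits, key=lambda h: -h[2])


if __name__ == "__main__":
    for proc, dst, total in anomalous_transfers(FLOWS, BASELINE):
        print(f"ALERT {proc} -> {dst}: {total:,} bytes")
```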

A Personal Story Of Compromised Biometric Data Due To The OPM Breach – Chuck Leaver

Written By Mike Hamilton And Presented By Ziften CEO Chuck Leaver

Enhanced Security of Personal and Biometric Data Is Needed After OPM Breach

Recently, I had to go through a fairly substantial background check procedure. It was one of those scenarios where you sign into the website, offer your social security number and a plethora of sensitive details about you and your family, and trust the federal government (and its contractors) to take care of that personal data.

As I got home the other evening and sat down to begin writing this post, I looked at the stack of mail sitting on my desk and saw one of those envelopes with the perforated edges that normally contain sensitive info.

Of course, you need to open those kinds of envelopes. Sadly at that moment all my worst concerns had come true.

What I discovered was my very own letter detailing that basically every sensitive piece of info one might want to know about me – along with comparable details on 21 million other Americans – was accessed during the OPM breach.
Oh, and by the way, there’s the fact that my biometric identity was also compromised:

At this point, despite the fact that “federal experts” think it’s no big deal, my iPhone disagrees with them. Bruce Schneier wrote an excellent piece on this, so I will not belabor the points he makes. However, eventually we all have to ask some hard questions:

When is this going to cease?

Who is accountable for stopping it?

Who is actually going to stop it?

Who is going to be held responsible when breaches occur?

These kinds of breaches are why at Ziften we are so passionately building our next-generation security tools. While we as a security provider might never totally stop or prevent these kinds of breaches from happening, maybe we can make them much harder and more time consuming. When you think about it, until the community says “this has to stop,” this is going to continue to happen daily.

Better Endpoint Security Might Have Prevented Ashley Madison Breach – Chuck Leaver

Written By Michael Vaughn And Presented By Chuck Leaver Ziften CEO


Life is Too Short to Not Install Endpoint Security.


Ashley Madison’s tagline is “Life is short. Have an affair.” It seems security falls a bit short at the company, however, as countless client records were publicized for the whole world to see in a recent breach. Publicly, there are only theories regarding who exactly breached the scandalous operation. It could have been an inside job. Other possibilities, such as the infamous hacking group Impact Team, are declaring victory over the red-lettered organization. But what is clear is the publicly-published list of thirty two million user identities. Furthermore, CEO Noel Biderman lost his job, and the organization is dealing with an insurmountable number of lawsuits.

It has been found that bots were communicating with users, and that the user base included only a small number of women. In farcical style, the website still states it was a winner of a “Trusted Security Award” and offers total confidentiality for its users. Its claim of “Over 42,705,000 confidential members!” on the homepage is as shameful as the service it offers. The stolen list of users is so easily accessible that third parties have already created interactive sites with the names and addresses of the exposed cheaters. Per Ashley Madison’s media page, they “instantly implemented an extensive investigation making use of premier forensics specialists and other security specialists to identify the source, methodology, and impact of this incident.” If Ashley Madison had been more proactive in its approach to endpoint security, it could potentially have been notified of the attack and stopped it before data could be stolen.

Advanced endpoint security and forensic applications – for example those offered by Ziften – could potentially have spared this company the shame it has had to deal with. Not only could Ziften have informed security personnel of the suspicious network activity in the dead of night during an attack, it could also have prevented a range of actions on the database from being carried out, all while letting the security team sleep a little easier. Life is too short to let security concerns keep you awake at night.