Written by Chuck McAuley and presented by Chuck Leaver, Ziften CEO
Endpoint Security Is The Best Friend For Adult Friend Finder
Adult Friend Finder, an online “dating service,” and its affiliates were hacked in April. The breached information included credit card numbers, usernames, passwords, birth dates, address details and personal – you know – choices. What’s often not highlighted in these cases is the financial worth of such a breach. Many would argue that an email address and its associated data are of little worth. Nevertheless, in much the same way that metadata collection offers insight to the NSA, this kind of information gives adversaries plenty of leverage that can be used against the general public. Spear phishing becomes a lot easier when hackers have not just an e-mail address, but also location, language, and race. The source IP addresses collected can even offer exact street locations for cyber attacks.
The attack methodology used in this case was not released, but it is reasonable to assume that it leveraged a type of SQL injection attack or similar, where the information is extracted from the back-end database through a flaw in the web server. Another possible methodology might have been stealing SSH keys from a compromised admin account or GitHub, but those tend to be secondary most of the time. In any case, the database dump itself is 570 Mb, and assuming the data was exfiltrated in a couple of large transactions, it would have been very obvious at the network level. That is, if Adult Friend Finder had been using a service that offered visibility into network traffic.
Ziften ZFlow™ provides network visibility into the cloud to capture aberrant data transfers and attribute them to the specific processes executing them. In this case, the administrator would have had two chances to observe the anomaly: 1) at the database level, as the data was extracted; 2) at the web server level, where an abnormal amount of traffic would be sent to a specific address. Organizations like Adult Friend Finder must acquire the essential endpoint and network visibility needed to safeguard their clients’ personal data and “hook up” with a company like Ziften.
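The two observation points described above can be sketched as a check over per-process flow records. This is an added example, not Ziften's code or ZFlow's data format: the record layout, host and process names, addresses and thresholds are all hypothetical, and the sample sizes are constructed to echo the dump size mentioned above, read here as megabytes (an assumption).

```python
from collections import defaultdict
from statistics import median

MB = 1_000_000

# Constructed flow records: (hour, host, process, destination, bytes_out).
FLOWS = [
    (0, "db01", "mysqld", "10.0.0.5", 5 * MB),
    (1, "db01", "mysqld", "10.0.0.5", 6 * MB),
    (2, "db01", "mysqld", "10.0.0.5", 5 * MB),
    (3, "db01", "mysqld", "10.0.0.5", 570 * MB),      # bulk read of the database
    (0, "web01", "nginx", "198.51.100.10", 2 * MB),
    (1, "web01", "nginx", "198.51.100.11", 3 * MB),
    (2, "web01", "nginx", "198.51.100.12", 2 * MB),
    (3, "web01", "nginx", "198.51.100.10", 3 * MB),
    (3, "web01", "nginx", "203.0.113.77", 190 * MB),  # three large transfers
    (3, "web01", "nginx", "203.0.113.77", 190 * MB),
    (3, "web01", "nginx", "203.0.113.77", 190 * MB),
]

def find_bulk_transfers(flows, factor=20, floor=100 * MB):
    """Return (host, process, destination, hour, total_bytes) for outliers.

    Bytes are summed per (host, process, destination, hour), so a dump split
    into a few large transactions still adds up. A total is flagged when it
    is above `floor` and more than `factor` times the median total seen for
    the same host and process.
    """
    totals = defaultdict(int)
    for hour, host, proc, dst, nbytes in flows:
        totals[(host, proc, dst, hour)] += nbytes

    per_process = defaultdict(list)
    for (host, proc, _dst, _hour), total in totals.items():
        per_process[(host, proc)].append(total)

    alerts = []
    for (host, proc, dst, hour), total in totals.items():
        baseline = median(per_process[(host, proc)])
        if total >= floor and total > factor * baseline:
            alerts.append((host, proc, dst, hour, total))
    return sorted(alerts)

if __name__ == "__main__":
    for host, proc, dst, hour, total in find_bulk_transfers(FLOWS):
        print(f"hour {hour}: {host}/{proc} sent {total / MB:.0f} MB to {dst}")
```

Both alerts fall in the same hour, which is what lets an analyst tie the database read to the outbound transfer from the web server.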