pointer

Tag Archives: security breach

The Worst Cyber Attacks and Data Breaches of 2014

Compiling a list of the most crippling cyber-attacks and data breaches of 2014 is a real eye-opener. Regardless of the size or industry, no business is completely immune from these vulnerabilities. As such, these criminal acts are important to publicize because they highlight a larger point about the importance of cyber security. In many ways, 2014 was the year that businesses—and the public at large—finally realized just how vulnerable they are to malicious attacks. Here are five incidents that opened eyes:

1.  JPMorgan

Hackers who perpetrated the cyber attack on JPMorgan compromised information from 76 million households and 7 million businesses. Although the financial services company says there is no evidence that personal account information or passwords were stolen, a New York Times report stated the hackers “drilled deep into the bank’s vast computer systems, reaching more than 90 servers.” This incident was particularly troubling because banks were previously considered relatively secure against hacks.

2.  Target

Although the Target data breach technically occurred during the 2013 holiday season, the company and its customers felt the ramifications well into this year. In fact, the incident eroded customers’ trust and hurt Target financially to the point that former CEO Gregg Steinhafel eventually resigned. Perhaps most disturbing about this attack was that Target received security alerts about the malware hackers were uploading into the system but ignored these notifications because they were difficult to verify.

3. eBay

The e-commerce giant was compromised sometime in February or March, as hackers were able to steal employee credentials and steal somewhere in the neighborhood of 145 million user passwords. Unfortunately the year only got worse from there, as the company was hacked again in September, this time so thoroughly that some links on the site actually directed users to spoof pages setup by criminals to look like eBay pages and trick customers into unwittingly handing over personal information.

4Home Depot

In what can only be termed an unmitigated disaster, the home improvement giant had malware running on its systems for five months before the problem was detected. Criminals made off with 56 million credit card numbers, gathering the information from self-checkout lanes at the store’s brick-and-mortar locations. In an effort to improve its public image, Home Depot offered free identity protection services for victims and is still trying to untangle all the details of the incident to get a clearer picture of what happened.

5. P.F. Chang’s China Bistro

The restaurant chain was compromised at 33 of its locations as hackers stole customer information from credit and debit cards. Amazingly, the intrusion went undetected from October of 2013 until June of this year before the Secret Service made the company aware that it had been breached.

Will 2015 Be Better?

Although hackers are always developing new techniques, businesses can drastically reduce the risk of an intrusion and make it easier to spot attacks as they happen by deploying network monitoring and cyber security solutions. For more information about how WildPackets helps protect organizations against criminals, download our white paper, “Real World Security Investigations With Network Forensics.”

WildPackets Host Free Webinar Series on Network Forensics and Security

As attackers and attack vectors evolve more and more every day, further evidence pertaining to breaches and data exfiltration attacks come to surface only in Web traffic. When you suspect an attack, you need to answer the questions who, what, when and how – fast. Network forensics offers the best answer. Security analysts and network engineers can use network forensics to analyze what tactics a hacker used to infiltrate the network. With a clear view of all traffic, engineers can drill down quickly into any anomalies and uncover the source of a data or security breach. Knowing the importance of this tool, we thought it valuable to offer a series of free webinars on leveraging modern network forensics to protect your data.

On December 17th, Jay Botelho, Director of Product Management for Wildpackets will cohost with Keatron Evans, Principal of Blink Digital Security. They will be highlighting how network forensics—network traffic recording along with powerful search and analysis tools—can enable your in–house security team to track down, verify and characterize attacks. Keatron will look into a few real-world security breach scenarios as well as demonstrate best practices for attack analysis using network forensics.  We’ll look at common “browse by” hacks, rootkit based exfiltration and covert channel communications as the attack vectors and how to investigate them.

On December 19th, WildPackets resident experts will host a live, hands-on workshop with interactive demos and use cases.

Register at the below sites to participate:

Dec 17thLearn How to Use Network Forensics to Investigate Security Breaches

Dec 19thNetwork Forensics for Security Investigations

If you are interested in learning about network monitoring, analysis trends and best practices for troubleshooting wireless networks and virtual environments, don’t miss these webinars.

JP Morgan Breach Latest Indication of Massive Cyber Threat

It happened again. This time, JP Morgan, America’s largest bank, was targeted by hackers who stole contact information for 76 million households and 7 million small businesses through a variety of entry points, including the website for a corporate event. Hackers repeatedly attacked the system over a two-month period and accessed addresses, phone numbers, email addresses as well as internal JPMorgan Chase information, which may or may not include account numbers and other sensitive financial information.

Perhaps more disturbing than the sheer volume of information that the intruders took, however, is the fact that a behemoth financial institution was the victim of such a large-scale attack. Until now, the majority of network intrusions have been perpetrated on retailers, an industry that historically has been weak on cyber security. Banks, by comparison, typically spend heavily on data protection.

The question, then, for financial companies, retailers and any other business that maintains sensitive information, is whether or not they are spending on the right solutions. The fact is, many security products on the market now were not built for 10G network analysis, let alone 40G, meaning engineers may struggle to get a clear view of the entire network. WildPackets’ network monitoring and network forensics solutions, however, can give organizations unprecedented visibility across their high-speed networks and capture the network traffic to quickly respond to attacks and answer the critical questions of who, how, what and when. WildPackets’ security forensics analysis tools are built upon four primary capabilities:

  • Network Recording: capturing network traffic from 1G, 10G, and 40G networks around the clock for forensic analysis
  • Searching and Inspection: enabling administrators and security experts to comb through archived traffic for anomalies and signs of security events
  • Trend Analysis and Baselining: characterizing network and application usage so that anomalies can be detected more quickly
  • Reporting: capturing data and distilling analysis into reports so that security and IT experts can log the results of their investigations and review network vulnerabilities after an attack has taken place

At this point, the facts speak for themselves. Cyber criminals are employing more sophisticated methods than ever before and are having incredible success breaching networks as a result. It’s time for your company to fight fire with fire, or risk getting burned.