[Infowarrior] - My Comments on the breach at [$COMPANY_NAME$]

Richard Forno rforno at infowarrior.org
Mon Sep 25 15:20:24 CDT 2017


Wish I'd thought of this....
 --rick

http://www.ranum.com/security/computer_security/editorials/generator/index.html

My Comments on the breach at [$COMPANY_NAME$]

I heard about the breach at [$COMPANY_NAME$] and the 
[$BREACH_QUANTITY$] [$DATA_TYPE$ one of "credit card", "patient 
record", "social security number", "user login", "hashed passwords",
"national security secrets", "Hollywood star's 'selfies'"] 
compromised. Of course this is a serious matter and is the largest 
since [$YESTERDAY_DATE$].

The people at [$COMPANY_NAME$] have not yet released details, which is 
appropriate given an incident response of this magnitude. I understand 
that they have the [$RESPONDER_NAME$ multiple of "FBI", "NSA", "CIA", 
"Mandiant", "army of consultants", "Keystone Kops"] involved and have 
issued a press release.

My guess is that the attackers were able to initially breach the target 
using a [$ATTACK_TYPE$ one of "phishing attack", "brilliantly clever 
targeted phishing attack", "piece of custom malware", "cat with a WiFi 
interface implanted in its head", "SQL injection attack", "basic 
website vulnerability", "army of ninjas", "variant of Stuxnet"] which 
is [$UNEXPECTED$ one of "totally unexpected", "the way it usually 
happens", "innovative", "obscure as hell", "bloody typical"] form of 
attack that is often used by [$USUAL_SUSPECTS$ multiple of "China", 
"North Korea", "CIA", "NSA", "Anonymous", "brotherhood of blades", 
"Bavarian Illuminati", "Trilateral commission", "hackers who have read 
'Hacking Exposed'", "any complete newbie"]. Until I know more about
it, I can't really guess about the details.

However, this illustrates the basic issue in information security, 
which is that organizations don't appear to have effective responses to 
basic malware and/or phishing attacks, and have aggregated critical 
data into central locations on their networks where it is accessible. 
Once an attacker gets inside, it is pretty easy for them to escalate 
privileges, find out where the data is, and exfiltrate it. 
Organizations with critical data should segregate it off their network, 
perform regular vulnerability audits and remediation, maintain detailed 
system logs, and use two factor authentication for administrator 
access. If it's a large organization, Big Data also helps, but I am
not sure how.
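The post above is written in a `[$NAME$ one of "..."]` / `[$NAME$ multiple of "..."]` placeholder notation. As an added example (not Ranum's generator code, which the page does not show), here is a small expander for that notation; the excerpt template, the `expand`, `join_natural` and `placeholder_names` helpers, and the assumption that `multiple of` joins one or more options with commas and "and" are my own constructions.

```python
import random
import re

# Constructed excerpt in the post's placeholder notation (not the full template).
TEMPLATE = (
    'The attackers used a [$ATTACK_TYPE$ one of "phishing attack", '
    '"SQL injection attack"] often used by [$USUAL_SUSPECTS$ multiple of '
    '"China", "Anonymous", "any complete newbie"] against [$COMPANY_NAME$].'
)

# [$NAME$ <spec>] where <spec> may span lines; options are double-quoted strings.
PLACEHOLDER = re.compile(r'\[\$(\w+)\$([^\]]*)\]')
QUOTED = re.compile(r'"([^"]*)"')


def placeholder_names(template):
    """Return the placeholder names in order of appearance (duplicates kept)."""
    return [m.group(1) for m in PLACEHOLDER.finditer(template)]


def join_natural(items):
    """Join picks as 'a', 'a and b' or 'a, b and c' (assumed style for 'multiple of')."""
    if len(items) == 1:
        return items[0]
    return ", ".join(items[:-1]) + " and " + items[-1]


def expand(template, values, rng=None):
    """Fill every placeholder in template.

    - [$NAME$]                  -> values[NAME]; an error if not supplied
    - [$NAME$ one of "a", "b"]  -> one option chosen with rng
    - [$NAME$ multiple of ...]  -> 1..N distinct options, joined by join_natural
    A value supplied in `values` always overrides the random pick, so callers
    can make the output deterministic for testing.
    """
    rng = rng if rng is not None else random.Random()

    def fill(match):
        name, spec = match.group(1), match.group(2).strip()
        if name in values:
            return values[name]
        options = QUOTED.findall(spec)
        if spec.startswith("one of") and options:
            return rng.choice(options)
        if spec.startswith("multiple of") and options:
            picks = rng.sample(options, rng.randint(1, len(options)))
            return join_natural(picks)
        raise KeyError(f"no value supplied for placeholder {name}")

    return PLACEHOLDER.sub(fill, template)
```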
