Cutting Through The Weekly Mobile Security Noise: Data Breach Recap
“We have known for a long time that there are significant vulnerabilities,” Obama said during a press conference in Germany. “And these vulnerabilities are going to accelerate for a long time.”
The President commented on the chaos we’ve seen over the past few weeks, where a number of large-scale security breaches have reportedly hit government agencies and companies both large and small. From the theft of 4 million federal workers’ personally identifiable information to the recent U.S. Army website attack, it has been a breach free-for-all.
This week we’re recapping the large-scale cyber attacks that are proving even the most powerful, knowledgeable and prepared companies are vulnerable to security breaches.
Chinese-based hackers allegedly attacked the Office of Personnel Management and compromised the personal data of up to 4 million current and former employees. Officials have described this incident as one of the “largest thefts of government data ever seen.” In a statement released on Thursday, the OPM announced the data breach, which was detected in April. The agency also said it will send notifications to the 4 million federal workers whose information may have been threatened. The Department of Homeland Security said it detected the huge breach partly through the use of a system known as Einstein, “an intrusion detection and prevention system that screens federal Internet traffic to identify potential cyber threats.” An FBI spokesman noted that the agency is working to investigate the hack and will hold accountable those who threaten cyberspace.
Last week, the Internal Revenue Service failed to implement dozens of security upgrades that might have prevented the hacking of more than 104,000 US taxpayers. IRS Commissioner John Koskinen said this attack was the result of organized crime and not one-off hacking. He also noted that hackers are moving faster and are more sophisticated than in previous years, which makes intrusions almost impossible to detect. The agency’s IT staff is working with tax preparation software to create a strategy to prevent hackers from filing false tax returns and plans to announce these new measures next week.
On Monday, the U.S. Army’s website, www.army.mil, was compromised by hackers who gained control and used it to post their own messages. The attackers, who call themselves the “Syrian Electronic Army,” posted on Twitter and claimed they were the ones responsible. According to USA Today, as a result of the attack, the Army shut down the site and clarified that while the site had been hacked, no sensitive or personal information about Army soldiers or activities had been compromised.
This week Kaspersky Lab, one of the most well-known cybersecurity research firms based in Russia, has admitted to being hacked. “We discovered an advanced attack on our own internal networks,” Kaspersky Lab CEO and founder Eugene Kaspersky said in a blog post published earlier today. “It was complex, stealthy, it exploited several zero-day vulnerabilities, and we’re quite confident that there’s a nation state behind it.” The company called this attack “Duqu 2.0” after a series of malware called Duqu, which was also used in attacks on Iran, India, France and Ukraine in 2011. According to Business Insider, while none of the firm’s customers were compromised, this attack gives the organization insight into the “next generation spying technologies hackers are developing.”