Sqrrl Blog

Dec 22, 2015 11:39:59 AM

Cyber Incident Matrix: VTech

Complexity Score: 0
Severity Score: 0
How did we get these numbers?

Incident Summary

Overview:

On November 14th, Hong Kong-based toymaker VTech announced that its servers had been infiltrated after inquiries from the media, based on an anonymous tip to VICE Magazine. The anonymous tipper claims to be the hacker himself, describing in an interview with VICE that his only intention in the breach was to bring awareness to the blatant lack of cybersecurity at VTech.

[Cyber Incident Matrix chart; plotted incidents: OPM Breach, IRS Breach, Anthem Breach, ATM hacks, Kaspersky hack, Insider Trading hacks, Ashley Madison Breach, Penn State, SSA Breach, VTech Breach]

Topics: Cybersecurity, Data Breach, Cyber Incident Matrix, VTech Breach

Nov 24, 2015 8:30:00 AM

Cyber Incident Matrix: Service Systems Associates (SSA)

Complexity Score: 2
Severity Score: 3
How did we get these numbers?

Incident Summary

Overview:

On October 13th, 2015, Service Systems Associates announced that it had discovered a breach of its point-of-sale systems that resulted in the loss of about 60,000 individuals’ credit card information. The data breach occurred in 10 client locations across the United States. SSA only recognized the breach months after it began, and did not release a report until almost four months after the breach.

Topics: Cybersecurity, Data Breach, Cyber Incident Matrix

Oct 28, 2015 12:39:00 PM

The Threat Hunting Reference Model Part 2: The Hunting Loop

In our previous post, part 1 of this blog series, we profiled the various stages of an organization’s hunting maturity scale. Cyber threat hunting is a proactive security approach for organizations to detect advanced threats in their networks. Until recently, most security teams have relied on traditional rule- and signature-based solutions that produce floods of alerts and notifications, and typically only analyze data sets after an indicator of a breach has been discovered as part of a forensic investigation.

The Threat Hunting process is meant to be iterative. You will never be able to fully secure your network after just a single hunt. To avoid one-off, potentially ineffective hunting trips, it's important for your team to implement a formal cyber hunting process. The following four stages make up a model process for successful hunting.

Topics: Cybersecurity, Cyber Hunting, Linked data analysis, Threat Hunting, Cyber Threat Hunting

Sep 28, 2015 4:20:00 PM

Taking the Backroad to a Secure Enterprise

Guest Blog by Richard Stiennon, Chief Research Analyst at IT-Harvest

This post originally appeared on the IT-Harvest blog.

It is often the case that rapidly changing technology allows laggards to leapfrog leaders. Rather than follow the same path as the trailblazers, those who come behind can take a shortcut. A country in South America bent on joining the modern world does not have to string phone lines across its mountains and jungles to achieve universal access to communications. It can build an LTE infrastructure, allowing its people to skip the fixed line stage and jump right to the latest smartphones and apps for Facebook and Instagram.

So too can an enterprise that is poorly defended get ahead of the race to security. The very best security infrastructures can be found at large financial institutions and defense contractors. Both have been battling targeted attacks for over a decade. They have purchased, deployed, and staffed every new technology brought out to combat every new threat: banks to counter cybercrime, the defense industrial base (DIB) to combat cyber espionage.

Topics: Cybersecurity, Cyber Hunting, Incident Response

Aug 3, 2015 11:30:00 AM

Cyber Incident Matrix: ATM Hacks

Complexity Score: 5
Severity Score: 4
How did we get these numbers?

Incident Summary

  • What was breached: Nearly 100 Banking institutions in over 30 countries

  • Delivery: 2013 (possibly earlier) - February 2015

  • The Attackers: Allegedly Russian hackers

Overview:

Using email attachments infected with malware sent to bank employees, hackers were able to passively collect information on banking systems across nearly 100 banks, eventually using that information to gain access to critical systems, undetected. The intruders were able to mimic staff behavior in order to learn more about system operations, then open accounts and transfer money.

Topics: Cybersecurity, Cyber Incident Matrix

Jul 23, 2015 4:37:00 PM

A Framework for Cyber Threat Hunting Part 1: The Pyramid of Pain

While rule-based detection engines are a strong foundation for any security organization, cyber threat hunting is a vital capability for security organizations to have in order to detect unknown advanced threats. Hunting goes beyond rule-based detection approaches and focuses on proactively detecting and investigating threats.

Topics: Cybersecurity, Breach Detection, Cyber Hunting, Linked data analysis, Threat Detection

Jul 22, 2015 8:30:00 AM

Cyber Incident Matrix: Anthem

Complexity Score: 4
Severity Score: 5
How did we get these numbers?

Incident Summary

  • What was breached: Anthem customer profile database

  • Delivery: April 2014 - February 2015

  • The Attackers: No formal incrimination; the Chinese government is suspected

Overview:

On February 4th, 2015, Anthem Inc., formerly known as Wellpoint, announced that it had discovered a breach of its customer information database that resulted in the loss of 37.7 million records containing email addresses, home addresses, and Social Security numbers. After several weeks of forensic analysis, that number increased to 78.8 million affected records. While the formal FBI investigation has not concluded, it has been speculated that the Chinese government perpetrated the attack.

Topics: Cybersecurity, Data Breach, Cyber Incident Matrix, Healthcare Breach

Jul 16, 2015 9:30:00 AM

Cyber Incident Matrix: IRS Breach

Severity Score: 3
Complexity Score: 4
How did we get these numbers?

Incident Summary

  • What was breached: IRS Database of Taxpayer Information

  • Delivery: February-May, 2015

  • The Attackers: Undisclosed “sophisticated enemies” originating in Russia

Overview:

On May 26th, 2015, the United States Internal Revenue Service (IRS) announced that the personal information of over 100,000 American taxpayers was stolen from “Get Transcript,” a service provided by the IRS that allowed taxpayers to get a transcript of their past tax activities. These transcripts were then used to file fraudulent tax returns in the name of the victims. Currently, the culprit is unknown to the public, though the IRS has indicated the attackers were Russian in origin.

Topics: Cybersecurity, Breach Detection, Data Breach

Jul 14, 2015 9:45:00 AM

Cyber Incident Matrix: OPM Breach

Severity Score: 6
Complexity Score: 6
How did we get these numbers?

Incident Summary

  • What was breached: The United States Office of Personnel Management (OPM). System-specific breaches were not disclosed.

  • Delivery: March 2014 (possibly earlier) - April 2015

  • The Attackers: Chinese state-sponsored hackers (alleged)

Overview:

In April of this year, the US Office of Personnel Management (OPM) became aware of an intrusion in a personnel file database while working to upgrade its security infrastructure. As investigations continued, the OPM discovered that a second breach had occurred in which a variety of sensitive data on both former and current federal employees had been compromised and exfiltrated using credentials associated with an investigative contractor, KeyPoint Government Solutions. Before being detected, the intruders had made off with personal information such as sexual history, drug use, friends, roommates, and more. The second breach was far more significant, raising the number of affected individuals to over 21 million.

Topics: Cybersecurity, OPM, Data Breach

Jul 9, 2015 8:00:00 AM

Introducing the Sqrrl Cyber Incident Matrix

A Sqrrl blog series focused on Data Breaches

Data breaches are in the news again and again these days. Between the IRS, OPM, Target, LastPass, and countless other private and public organizations, data and networks of all varieties are prime targets for both external attackers and internal infiltrators. Our newsfeeds, inboxes, and conversations are all saturated with people asking how and why these incidents occur. Over the past 12 months, cybersecurity issues have moved closer to the center of public debate than they ever have been in the past. The rate at which private data is being compromised weekly is as alarming as it is impressive.

Today, we’re launching the Sqrrl Cyber Incident Matrix because we believe that there is a need for a place that collects, catalogues, and breaks down these incidents concisely, and in a manner that is easy to understand. Our goal is to take a look at data breaches in the news, rate them based on their severity and complexity, and analyze the known aspects of each breach. We’re not here to make wild theories; the purpose behind this blog is to collect the known facts about a breach and try to build a contextual narrative of how different breaches relate to each other.

Topics: Cybersecurity, Breach Detection, Outlier Detection, Data Breach, Incident Response