Sqrrl Blog

Jan 14, 2016 4:22:06 PM

Living On an Exponential Curve of Breaches

Guest Blog by Richard Stiennon, Chief Research Analyst at IT-Harvest

Most of us live in the moment, and most of us have trouble getting the big picture from the flood of breach announcements throughout the year. Anthem, Ashley Madison, OPM: all of them shocked us. After all these years, how could large organizations be so ill-protected against what are invariably unsophisticated attacks?

Topics: Malware, Data Breach, Cyber Threat Hunting, Security Analytics

Dec 22, 2015 11:39:59 AM

Cyber Incident Matrix: VTech

Complexity Score: 0
Severity Score: 0
How did we get these numbers?

Incident Summary

Overview:

On November 14th, Hong Kong-based toymaker VTech announced that its servers had been infiltrated, after inquiries from the media that were prompted by an anonymous tip to VICE Magazine. The anonymous tipper claims to be the hacker himself, saying in an interview with VICE that his only intention in the breach was to bring awareness to the blatant lack of cybersecurity at VTech.

[Cyber Incident Matrix chart, plotting the incidents covered in this series: OPM Breach, IRS Breach, Anthem Breach, ATM hacks, Kaspersky hack, Insider Trading hacks, Ashley Madison Breach, Penn State, SSA Breach, VTech Breach]

Topics: Cybersecurity, Data Breach, Cyber Incident Matrix, VTech Breach

Nov 24, 2015 8:30:00 AM

Cyber Incident Matrix: Service Systems Associates (SSA)

Complexity Score: 2
Severity Score: 3
How did we get these numbers?

Incident Summary

Overview:

On October 13th, 2015, Service Systems Associates announced that it had discovered a breach of its point-of-sale systems that resulted in the loss of about 60,000 individuals’ credit card information. The data breach occurred in 10 client locations across the United States. SSA only recognized the breach months after it began, and did not release a report until almost four months after the breach.

Topics: Cybersecurity, Data Breach, Cyber Incident Matrix

Nov 17, 2015 10:39:00 AM

Cyber Incident Matrix: Penn State

Complexity Score: 4
Severity Score: 2
How did we get these numbers?

Incident Summary

  • What was breached: Pennsylvania State University's School of Engineering

  • Delivery: September 2012

  • The Attackers: Offshore entities, at least one located in China

Overview:

In November of 2014, the FBI alerted Penn State administrators that they had suffered a breach by a foreign entity. After several weeks of forensic analysis, it was determined that key machines inside the Penn State School of Engineering had been breached; those machines held the usernames and passwords of 18,000 university faculty, staff, and students. Several of the breached machines also contained PII, but there is no evidence to suggest that this information has been used maliciously.

Topics: Malware, Data Breach, Cyber Incident Matrix

Sep 4, 2015 1:32:00 PM

Cyber Incident Matrix: Ashley Madison

Complexity Score: 4
Severity Score: 6
How did we get these numbers?

Incident Summary

  • What was breached: User Data from Avid Life Media websites, specifically targeting the Ashley Madison infidelity website

  • Delivery: Announced July 2015

  • The Attackers: A hacking group known as "The Impact Team"

Topics: Data Breach, Cyber Incident Matrix

Aug 13, 2015 9:18:00 AM

Cyber Incident Matrix: Insider Trading

Complexity Score: 3
Severity Score: 3
How did we get these numbers?

Incident Summary

  • What was breached: Business Wire, Marketwired and PR Newswire

  • Delivery: February 2010 - August 2015

  • The Attackers: Attackers from the US, France, Cyprus, Russia, and Ukraine

Overview:

Beginning in early 2010, a ring of hackers breached financial wire companies Business Wire, Marketwired, and PR Newswire, patiently exfiltrating press releases related to a number of Fortune 500 companies (including HP, Home Depot, and Caterpillar) before the releases were made public. After the press releases were exfiltrated, they were analyzed by traders who would buy or short stock depending on the information contained in the press releases. According to the SEC filing, the hacker-trader ring made over $100 million in insider trades over the five year period.

Topics: Data Breach, Phishing, Hacking, Insider Trading, Market Manipulation

Aug 11, 2015 8:00:00 AM

Cyber Incident Matrix: Kaspersky

Complexity Score: 10
Severity Score: 2
How did we get these numbers?

Incident Summary

  • What was breached: Several internal R&D related Systems of Kaspersky Lab

  • Delivery: Unknown - Spring 2015

  • The Attackers: Unnamed Nation State

Overview:

On June 10th, 2015, Russia-based security firm Kaspersky Lab announced that their systems had been infiltrated by a hyper-advanced, previously undiscovered form of malware known as Duqu 2.0, the next generation of the Duqu trojan and a “cousin” of Stuxnet. According to Kaspersky Lab, they were not the only target of the attack: Duqu 2.0 was also deployed to spy on the 2014-2015 P5+1 talks (the Iran nuclear talks) and on a conference commemorating the 70th anniversary of the liberation of Auschwitz-Birkenau.

Topics: Malware, Data Breach, Duqu 2.0, Indicators of Compromise

Jul 22, 2015 8:30:00 AM

Cyber Incident Matrix: Anthem

Complexity Score: 4
Severity Score: 5
How did we get these numbers?

Incident Summary

  • What was breached: Anthem customer profile database

  • Delivery: April 2014 - February 2015

  • The Attackers: No formal incrimination; the Chinese government is suspected

Overview:

On February 4th, 2015, Anthem Inc., formerly known as Wellpoint, announced that it had discovered a breach of its customer information database that resulted in the loss of 37.7 million records containing email addresses, home addresses, and Social Security numbers. After several weeks of forensic analysis, that number increased to 78.8 million affected records. While the formal FBI investigation has not concluded, it has been speculated that the Chinese government perpetrated the attack.

Topics: Cybersecurity, Data Breach, Cyber Incident Matrix, Healthcare Breach

Jul 16, 2015 9:30:00 AM

Cyber Incident Matrix: IRS Breach

Complexity Score: 4
Severity Score: 3
How did we get these numbers?

Incident Summary

  • What was breached: IRS Database of Taxpayer Information

  • Delivery: February-May, 2015

  • The Attackers: Undisclosed “sophisticated enemies” originating in Russia

Overview:

On May 26th, 2015, the United States Internal Revenue Service (IRS) announced that the personal information of over 100,000 American taxpayers was stolen from “Get Transcript,” a service provided by the IRS that allowed taxpayers to get a transcript of their past tax activities. These transcripts were then used to file fraudulent tax returns in the name of the victims. Currently, the culprit is unknown to the public, though the IRS has indicated the attackers were Russian in origin.

Topics: Cybersecurity, Breach Detection, Data Breach

Jul 14, 2015 9:45:00 AM

Cyber Incident Matrix: OPM Breach

Complexity Score: 6
Severity Score: 6
How did we get these numbers?

Incident Summary

  • What was breached: The United States Office of Personnel Management (OPM). System specific breaches were not disclosed.

  • Delivery: March 2014 (possibly earlier) - April 2015

  • The Attackers: Chinese state-sponsored hackers (alleged)

Overview:

In April of this year, the US Office of Personnel Management (OPM) became aware of an intrusion in a personnel file database while working to upgrade its security infrastructure. As investigations continued, the OPM discovered that a second breach had occurred in which a variety of sensitive data on both former and current federal employees had been compromised and exfiltrated using credentials associated with an investigative contractor, KeyPoint Government Solutions. Before being detected, the intruders had made off with personal information such as sexual history, drug use, friends, roommates, and more. The second breach was far more significant, raising the number of affected individuals to over 21 million.

Topics: Cybersecurity, OPM, Data Breach