Welcome June! Thank goodness May is over, based upon the number of breaches that took place during the month. While going through some industry articles over a rainy holiday weekend in the US, I came across a long list of breaches, 42 to be exact, that took place during the month of May 2016 as reported by IT Governance.
The highlights of the list* include:
- LinkedIn: While the breach occurred in 2012 and it was initially reported that 6.7 million records had been breached, it turns out 117 million user accounts were compromised. This information only came to light when “peace_of_mind,” aka “Peace,” recently put the data up for sale on the dark web.
- Tumblr: Another article revealed the email addresses and hashed and salted passwords of 65 million Tumblr users are being sold online by the same individual that offered the LinkedIn users’ data.
- W-2 Scam: An alarming 41 organizations have had their W-2 tax information targeted so far this year through malicious email campaigns. According to the article, “the IRS issued a warning to HR departments about an increase in BEC (business email compromise) scams that aim to steal W-2 data.” The agency reports a 400 percent surge in phishing and malware incidents so far this tax season, as well as additional scams targeting the wider tax community.
- Ransomware continues to compromise existing systems.
- SWIFT banking continues to face challenges with funds being compromised.
Add to this list the ITRC’s May 31st report of 430 breaches so far in 2016 affecting the personal information of 12,595,880 individuals. The report also shows that business and healthcare have suffered exponentially more breaches than other industries. Although the breaches did not all take place in May, they were reported in one facet or another, and most compromises were resident in the network endpoints for months prior to being identified and reported.
The staggering number of breaches should be reason enough for you to consider evaluating and modifying your security strategy. Although a significant number of breach attempts are stopped with real-time detection, it is not infallible, as the data clearly shows. Organizations should look to expand their defense-in-depth strategies to identify threats that slip through first-line defenses with threat hunting tools that specialize in detecting post-compromise activity on network endpoints.
The wall stopping intrusions can be built higher, thicker or longer, but something always gets through. You need to know what is in your system NOW that may compromise the integrity of your data and sensitive information.
Make June the month you investigate how threat hunting can help eradicate malware and persistent threats that may be lurking in your systems to keep your organization off the list.