Here we go again…the eBay hack

Sadly, I feel like I am reading the same story over again.  Employee credentials stolen.  Credentials used by cybercriminals to access the network.  Intrusion occurred from month x to y.  Millions of customer records stolen.  Most recently it was eBay, but it’s the same story as we heard about the Target Corporation breach.  And similar to Adobe before that.  And…   

The intent here is not to cast blame on any or all of those organizations and their security professionals, but rather to reiterate the importance of organizations increasing defenses in a coordinated fashion. 

Consider the eBay situation (more in Fortinet’s Richard Henderson’s Blog:

  • Access: eBay employee credentials were stolen
  • Threat insertion:
  • Lateral movement: seeks out eBay account holder information (names, addresses, dates of birth and much more)
  • Data exfiltration: 145m records stolen
  • Persist: intrusion occurred between late February and early-March

That’s why we recommend that all organizations looking to address this growing threat take a long and coordinated look at:

  • Access Control to reduce the attack service: two-factor authentication may have prevented the use of stolen credentials
  • Threat Prevention to block as much as we can: if malware was used as opposed to remote access and exploration, improved prevention may have helped
  • Threat Detection to detect what we may miss at any point in time: clearly something was overlooked and tools to inspect code and/or identify indicators of compromise may have flagged them
  • Incident Response to validate and contain what’s detected: also valuable to address customer concern, already state lawsuits have begun
  • Continuous Monitoring to constantly audit, assess and reduce risk: hopefully all retail/commerce companies are on extra high alert since the Target data breach

For more on Fortinet’s Advanced Threat Protection Framework, please visit.  Or download the paper here.

New! Download the State of Cybercrime 2017 report