What can we learn from the latest data breaches?

October 20, 2017


The simple elevation of user and application privileges lies at the heart of many breaches.

We must hope that January’s huge data breach at Target will be a turning point in the history of data breaches. For the first time, businesses are starting to ask difficult questions: if one of the US retail sector’s most respected names can be breached with such ease, is something profoundly wrong with enterprise security?

To its credit, Target has been relatively open about the technical failings that aided the hackers. The firm’s CIO, Beth Jacob, even resigned as part of a security overhaul. Clearly, executives are now in the firing line when things go wrong. The astonishing thing about Target’s woes is that large data breaches are not only nothing new, they are starting to become normal.

Historically, the top ten data breaches run in the following order of size:

  • Heartland Payment Systems (2009 – 130 million accounts)
  • Target (2014 – 110 million)
  • TK/TJ Maxx (2007 – 94 million)
  • AOL (2014 – 92 million)
  • Sony PlayStation Network (2011 – 77 million)
  • US Military Veterans (2014 – 70 million)
  • LivingSocial (2013 – 50 million)
  • Evernote (2013 – 50 million)
  • CardSystems (2005 – 40 million)
  • Adobe (2013 – 38 million)

Looking at this list, a number of themes jump out. First, every single one of these incidents was in the US, which we have to assume is more to do with the disclosure laws than that country being more likely to suffer a large breach. Put more pessimistically, these are simply the breaches we hear about.

Second, although size grabs attention, it shouldn’t be assumed that scale always equates to severity. All data breaches are serious, but as a recent breach that revealed the personal details of only 10,000 women seeking help from the UK’s British Pregnancy Advisory Service underlines, tiny data breaches can also be incredibly serious.

It’s also intriguing that six of these major breaches have happened in the last 12 months. It could be that hackers are just trying their luck more often than in the past or, as many suspect, organizations are just getting better at spotting them. Either way, we have to assume that the search for weak security has become an industrial-scale business model for the criminal underworld.

The Target hack

This attack was only one of at least half a dozen that affected large US retailers in 2013, all of which, as far as we can tell, involved planting malware on PCs connected to point-of-sale (POS) terminals. The malware used in the Target hack was a popular Russian toolkit called BlackPOS, sold specifically for use against retailers. That is the really chilling part of the Target incident: there are now several dedicated toolkits sold for attacks on this sector alone.

We can only infer the precise engineering of the attack, but it is clear it had several layers, starting with a reported compromise of a third-party contractor whose credentials were phished to gain access to the network. The current assumption is that multi-factor authentication was probably not in place.

Next, using only that one credential and the access rights it afforded, the criminals were able to move around the network, gaining access to deeper layers. A number of techniques could have been used, but past POS attacks have exploited admin-level default passwords for specific applications the attackers either know or guess will be present. The attack complete, the criminals then made off with 110 million customer account records without being detected until they were long gone.

As in so many attacks, the underlying theme is simply the abuse of privileges, first of the contractor, then at the application level. Although this attack was external, the same risk of failing to control accounts and privileges would have applied to a rogue insider too. The fact that this problem is well understood makes its constant recurrence in new attacks unbelievable. Allowing this to continue would be a failure to learn on a grand scale.
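The chain described above starts with a third-party credential being used well beyond the scope it was granted. As an added example, not part of the original post, the following check runs over a few constructed logon records and flags exactly that: a contractor account reaching zones outside its policy, and any account fanning out to more hosts than its role should need. The account names, hosts, zones and the policy are all assumptions made up for the demonstration.

```python
# Added example (not from the original post): least-privilege scope check over
# constructed logon events, modelled on the contractor-credential chain above.
from collections import defaultdict

# Constructed logon events: (time, user, source host, target host, target zone)
SAMPLE_LOGONS = [
    ("2013-11-15T09:01", "vendor\\contractor-1", "vpn-gw-1", "vendor-portal-1", "vendor"),
    ("2013-11-15T09:07", "vendor\\contractor-1", "vpn-gw-1", "vendor-portal-2", "vendor"),
    ("2013-11-16T02:14", "vendor\\contractor-1", "vendor-portal-2", "fileshare-corp-3", "corp"),
    ("2013-11-16T02:20", "vendor\\contractor-1", "fileshare-corp-3", "pos-mgmt-1", "pos"),
    ("2013-11-16T02:31", "vendor\\contractor-1", "pos-mgmt-1", "pos-store-0412", "pos"),
    ("2013-11-16T08:00", "corp\\jsmith", "wks-1192", "fileshare-corp-3", "corp"),
    ("2013-11-16T08:05", "corp\\pos-admin", "wks-0021", "pos-mgmt-1", "pos"),
]

# Hypothetical policy: which network zones each account domain is allowed to reach.
# Contractors should stop at the vendor portal; that is the least-privilege boundary.
ALLOWED_ZONES = {
    "vendor": {"vendor"},
    "corp": {"corp", "pos"},
}


def account_domain(user):
    """Return the domain part of a 'DOMAIN\\user' logon name."""
    return user.split("\\", 1)[0]


def scope_violations(logons, policy=ALLOWED_ZONES):
    """Logon events where the account touched a zone its domain was never granted."""
    return [e for e in logons if e[4] not in policy.get(account_domain(e[1]), set())]


def lateral_spread(logons, max_targets=2):
    """Accounts that reached more distinct hosts than expected; a fan-out like this
    from a single credential is the lateral movement the post describes."""
    targets = defaultdict(set)
    for _, user, _, target, _ in logons:
        targets[user].add(target)
    return {u: len(t) for u, t in targets.items() if len(t) > max_targets}


if __name__ == "__main__":
    for event in scope_violations(SAMPLE_LOGONS):
        print("scope violation:", event)
    print("unusual spread:", lateral_spread(SAMPLE_LOGONS))
```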

John Dunn