Use Windows 10 For Protection Against Cybercriminals

[vc_row][vc_column][vc_column_text]

The Threat Landscape is Changing

The threat landscape has evolved dramatically in recent years. It seems every day we hear another headline about an organization getting breached. We’ve responded by changing the architecture of Windows 10 so that we’re not just building bigger walls against these attacks; we’re locking the criminals out. Windows 10 provides a comprehensive set of protections against modern security threats. The average cost of a data breach per incident is $3,500,000 (2014 Cost of Data Breach: Global Analysis. Ponemon Institute, 2014.) According to a recent survey of CIOs, security spending is increasing at double the rate of overall investment.

Identity Protection

The solution: Windows 10 introduces an alternative to passwords with Microsoft Passport and Windows Hello.

Information Protection

Solution: Windows 10 provides Enterprise Data Protection, now at the file level, to help ensure corporate data isn’t accidentally or intentionally leaked to unauthorized users or locations.

Device Protection

Solution: Windows 10 offers Trusted Boot to help ensure that a genuine version of Windows starts first on your device, preventing attackers from evading detection.

Online Protection

Solution: Windows 10 Device Guard completely locks down your device, so you can run only trusted applications, scripts, and more.

It’s time to take action to protect your business.

By deploying the security features in Windows 10, you can outmaneuver today’s cybercriminals and neutralize their destructive tactics before they’ve even begun.
Contact Managed Solution to schedule a Network & System Assessment to build the most strategic architecture around your systems and networks. 858-429-3084

[/vc_column_text][/vc_column][/vc_row]

Don’t like Mondays? Neither Do Attackers.

Monday may be our least favorite day of the week, but Thursday is when researchers say that security professionals should watch out for cyber-criminals; paying attention to trends like this can greatly reduce the potential for damage.

Attackers will spend just as much time planning when an email should go out as they do on what it will look like. According to Proofpoint in its Human Factor Report, malicious email attachment message volumes spike more than 38 percent on Thursdays over the average weekday volume, while Wednesdays came in second. “Attackers do their best to make sure messages reach users when they are most likely to click: at the start of the business day in time for them to see and click on malicious messages during working hours,” Proofpoint researchers wrote in the report. Weekends came in last, however, this doesn't mean that Saturday and Sunday are completely safe.

Malicious emails can arrive any day of the week, but there is a clear preference from attackers as to when to send certain threat categories. For example, Keyloggers and Backdoors tend to be sent on Mondays, and Wednesdays are peak days for banking Trojans. Ransomware tends to be sent between Tuesdays and Thursdays, while point-of-sale Trojans arrive towards the end of the week (Thursdays and Fridays) since security teams do not have as much time to detect and mitigate new infections before the weekend. On the weekends, according to Proofpoint, ransomware is what attackers primarily send with few exceptions.

Security teams need to be particularly alert on Thursdays as malicious attachments, malicious URLs, ransomware and point-of-sale infections all favor that day. In addition to these, credential stealing campaigns also favor Thursdays.Thursday were host to a clear increase in malicious attachments being sent, but emails with malicious URLs (the most common vector for phishing attacks designed to steal credentials) were constant throughout the week, with only a slight increase on Tuesdays and Thursdays.

Attackers understand employee email habits and know that feeding employees with a well-crafted email at the optimal time will bring higher success rates. The bulk of attack emails are sent four to five hours after the start of the business day, peaking around lunchtime. Proofpoint’s analysis found that nearly 90 percent of clicks on malicious URLs occur within the first 24 hours of delivery, with a half of them occurring within an hour, and a quarter of the clicks occurring within just ten minutes.

The time between delivery and clicking is shown to be the shortest during business hours (8 a.m. to 3 p.m. Eastern) in the US as well as Canada. The UK and rest of Europe had similar patterns to the US and Canada, however, there was some stratification in the averages according to region. For example, clicking on malicious links peaked around 1 p.m. in France while it peaked early in the workday in Switzerland and Germany. Users in the UK spaced out their clicks throughout the day, but there was a clear drop in activity after 2 p.m.

While it’s important to block and keep malicious messages from reaching the inbox to begin with, the other side of email defense is to be able to identify and flag messages that made it to your inbox and block those links when you realize that they are malicious. If you are able to accomplish this, you can greatly reduce the potential danger that these emails pose.

Proofpoint focused on email-based attacks, however, email wasn’t the only medium in which attackers paid attention to the day of the week. An analysis of all attacks, investigated by the eSentire Security Operations Center in the first quarter of 2017, found that some methods of attack were more likely on given days. The volume of threats, which in eSentire’s report included availability attacks such as distributed denial-of-service (DDoS), fraud, information gathering, intrusion attempts, and malicious code, was highest on Fridays followed by Thursdays. The day of the week did not matter as much when it came to availability attacks, but weekends showed a great dop-off in the amount of risk involved. Malicious code was most common on Thursdays, and intrusion attempts were higher on Fridays.

There is no day off when it comes to defense. The security tools scrutinizing email messages as they arrive, before letting them reach user inboxes, have to be capable of handling peak volumes without sacrificing performance. But if defenders know that the second half of the week tends to be worse in terms of malware and credential theft, they can put in extra monitoring and scanning to detect possible new infections. By allocating more time in the second half of the week to investigate alerts, security teams may detect attacks sooner, and reduce the potential damage.

Chipotle says hackers hit most restaurants in data breach

[vc_row][vc_column][vc_column_text]

Signage for a Chipotle Mexican Grill is seen in Los Angeles, California, United States, April 25, 2016. REUTERS/Lucy Nicholson/File Photo

Chipotle says hackers hit most restaurants in data breach

By Lisa Baertlein as written on reuters.com
Hackers used malware to steal customer payment data from most of Chipotle Mexican Grill Inc's (CMG.N) restaurants over a span of three weeks, the company said on Friday, adding to woes at the chain whose sales had just started recovering from a string of food safety lapses in 2015.
Chipotle said it did not know how many payment cards or customers were affected by the breach that struck most of its roughly 2,250 restaurants for varying amounts of time between March 24 and April 18, spokesman Chris Arnold said via email.
A handful of Canadian restaurants were also hit in the breach, which the company first disclosed on April 25.
Stolen data included account numbers and internal verification codes. The malware has since been removed.
The information could be used to drain debit card-linked bank accounts, make "clone" credit cards, or to buy items on certain less-secure online sites, said Paul Stephens, director of policy and advocacy at the non-profit Privacy Rights Clearinghouse.
The breach could once again threatens sales at its restaurants, which only recently recovered after falling sharply in late 2015 after Chipotle was linked to outbreaks of E. coli, salmonella and norovirus that sickened hundreds of people.
An investigation into the breach found the malware searched for data from the magnetic stripe of payment cards.
Arnold said Chipotle could not alert customers directly as it did not collect their names and mailing addresses at the time of purchase.
The company posted notifications on the Chipotle and Pizzeria Locale websites and issued a news release to make customers aware of the incident.
Linn Freedman, an attorney at Robinson & Cole LLP specializing in data breach response, said Chipotle was putting the burden on the consumer to discover possible fraudulent transactions by notifying them through the websites.
"I don't think you will get to all of the customers who might have been affected," she said.
Security analysts said Chipotle would likely face a fine based on the size of the breach and the number of records compromised.
"If your data was stolen through a data breach that means you were somewhere out of compliance" with payment industry data security standards, Julie Conroy, research director at Aite Group, a research and advisory firm.
"In this case, the card companies will fine Chipotle and also hold them liable for any fraud that results directly from their breach," said Avivah Litan, a vice president at Gartner Inc (IT.N) specializing in security and privacy.
Chipotle did not immediately comment on the prospect of a fine.
Retailer Target Corp (TGT.N) in 2017 agreed to pay $18.5 million to settle claims stemming from a massive data breach in late 2013.
Hotels and restaurants have also been hit. They include Trump Hotels, InterContinental Hotels Group (IHG.L) as well as Wendy's (WEN.O), Arby's and Landry's restaurants.
Shares in Chipotle Mexican Grill ended marginally lower at $480.15 on Friday following the announcement.
(Additional reporting by Natalie Grover and Siddharth Cavale in Bengaluru and Tom Polansek and Nandita Bose in Chicago; Editing by Grant McCool and Lisa Shumaker)

 


[/vc_column_text][/vc_column][/vc_row]

Passwords for 32M Twitter accounts may have been hacked and leaked

[vc_row][vc_column][vc_column_text]

Passwords for 32M Twitter accounts may have been hacked and leaked

By Catherine Shu and Kate Cogner as written on techcrunch.com

untitled

There is yet another hack for users of popular social media sites to worry about. Hackers may have used malware to collect more than 32 million Twitter login credentials that are now being sold on the dark web. Twitter says that its systems have not been breached.
“We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks,” a Twitter spokesperson said.
LeakedSource, a site with a search engine of leaked login credentials, said in a blog post that it received a copy of the user information from “Tessa88@exploit.im,” the same alias used by the person who gave it hacked data from Russian social network VK last week.
Other major security compromises which have hit the news recently include a Myspace hack that involved over 360 million accounts, possibly making it the largest one ever, and the leak of 100 million LinkedIn passwords stolen in 2012.
LeakedSource says the cache of Twitter data contains 32,888,300 records, including email addresses, usernames, and passwords. LeakedSource has added the information to its search engine, which is paid but lets people remove leaked information for free.
Based on information in the data (including the fact that many of the passwords are displayed in plaintext), LeakedSource believes that the user credentials were collected by malware infecting browsers like Firefox or Chrome rather than stolen directly from Twitter. Many of the affected users appear to be in Russia—six of the top 10 email domains represented in the database are Russian, including mail.ru and yandex.ru.
Even though Mark Zuckerberg got several of his non-Facebook social media accounts hacked this week, including Twitter, his information wasn’t included in this data set, LeakedSource claims. Zuckerberg was ridiculed for appearing to reuse “dadada” as his password on multiple sites, but results from LeakedSource’s data analysis shows that many people are much less creative. The most popular password, showing up 120,417 times, was “123456,” while “password” appears 17,471 times. An analysis of the VK data also turned up similar results.
In a statement to TechCrunch, Twitter suggested that the recent hijacking of accounts belonging to Zuckerberg and other celebrities was due to the re-use of passwords leaked in the LinkedIn and Myspace breaches.
“A number of other online services have seen millions of passwords stolen in the past several weeks. We recommend people use a unique, strong password for Twitter,” a Twitter spokesperson said. Twitter suggests that users follow the suggestions in its help center to keep their accounts secure. Twitter also posted on its @Support account that it is auditing its data against recent database dumps.

twitter support

LeakedSource said that it determined the validity of the leaked data by asking 15 users to verify their passwords. All 15 confirmed that the passwords listed for their accounts were correct. However, experts cautioned that the data may not be legitimate.
Michael Coates, Twitter’s trust and information security officer, tweeted that he is confident the social media platform’s systems have not been compromised.twitter hack

 

“We securely store all passwords w/ bcrypt,” Coates added, referencing a password hashing function considered secure. “We are working with LeakedSource to obtain this info & take additional steps to protect users,” he continued.
Troy Hunt, the creator of a site that catalogs breaches called haveibeenpwned.com, also expressed skepticism about the authenticity of the data. Hunt told TechCrunch that he’d heard rumors of breaches at Twitter and Facebook for several weeks but had yet to see convincing proof. “They may well be old leaks if they’re consistent with the other big ones we’ve seen and simply haven’t seen the light of day yet. Incidentally, the account takeovers we’ve seen to date are almost certainly as a result of credential reuse across other data breaches,” Hunt said.
Whether or not the leaked Twitter credentials are authentic, it never hurts to change your password — especially if you use the same password across several sites. Turning on two-factor authentication also helps keep your account secure, even if your password is leaked.

[/vc_column_text][/vc_column][/vc_row]

The US Defense Department is expanding its efforts with tech startups

[vc_row][vc_column][vc_single_image image="8235" img_size="700x500" alignment="center"][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

The US Defense Department is expanding its efforts with tech startups

By Martyn Williams as written on cio.com
The U.S. Department of Defense is expanding its work with tech startups, bringing tech executives to work at its Silicon Valley lab and planning a new office in Boston to tap into research happening in that area.
The expansion follows the early success of the Defense Innovation Unit Experimental (DIUx) office, an 8-month old Silicon Valley incubator that is a key part of Secretary of Defense Ash Carter's push to rebuild ties between the military and tech industry.
Those ties weakened in recent years as a new breed of Internet startup began innovating more quickly and effectively than companies the DOD has worked with for decades.
Carter opened DIUx, in Mountain View, California, to gain early access to new technology, and in the hope that Silicon Valley's unique way of thinking would rub off on the Pentagon.
One of the first ideas has been a bug bounty program that asks computer security experts to probe DOD computers and networks to help find holes. So far, 1,400 hackers have registered for the program and found more than 80 bugs that qualified for monetary prizes, Carter said Wednesday during a visit to DIUx.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_single_image image="8237" img_size="600x400" alignment="center"][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

The center has hosted over 500 entrepreneurs and staged several events, and is now being expanded, he said Wednesday.
"We’re taking a page straight from the Silicon Valley playbook, we’re iterating to make DIUx better," he said.
The effort will now be bi-coastal, with a second office in Boston. That will plug into the innovation happening around the Massachusetts Institute of Technology, Harvard University and other New England tech startups.
The center will also get an additional $30 million budget that will be put towards funding "non-traditional companies with emerging commercial technologies that meet our needs," he said, and other efforts like targeted investments.
Carter also announced a new leadership team which, in a change, will report directly to him.
DIUx will be led by Raj Shah, a former F-16 combat pilot, director of security at Palo Alto Networks and now a tech entrepreneur. Other members of the team include Isaac Taylor, who ran Google X and has worked on Google's Glass and VR efforts, and Douglas Beck, Apple's vice president for Americas and Northeast Asia.
Shah provided an example of the kind of tech block that the DIUx hopes to solve.
As an F-16 pilot, he flew combat missions in Iraq but his aircraft didn't have a GPS system that provided a moving map. That is particularly important when flying near borders, because U.S. aircraft did not want to inadvertently stray into Iranian airspace.
The solution for some pilots was to strap an iPad to their knees, because commercial GPS apps could do something it would take the DOD millions of dollars and months to accomplish, he said.

[/vc_column_text][/vc_column][/vc_row]

Infographic: The Cybersecurity Bell Curve

[vc_row][vc_column][vc_column_text]

As written on enterprise.microsoft.com
We all understand the importance of good personal hygiene, right? It keeps us from getting ostracized at school, it makes us more attractive to the opposite sex, and most importantly it helps us stay happy and healthy.
Just as brushing our teeth is vital to our individual health, maintaining basic cybersecurity hygiene is critical for the well being of businesses. The overwhelming majority of cyberattacks are the result of computer hackers taking advantage of opportunities that stem from businesses neglecting basic security hygiene. Running an outdated operating system (OS) or antivirus software may not seem like a big deal, but it could provide hackers the window they need to access sensitive corporate information.
Fortunately, investing in the latest technology and revisiting cybersecurity basics can safeguard against roughly 98% of what hackers are doing today. Learn how a renewed focus on security basics can bolster your cyber defense and keep your business happy and healthy in The Cybersecurity Bell Curve infographic.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text][/vc_column_text][/vc_column][/vc_row]

Why IoT Security Is So Critical via @TechCrunch

why IOT security is so critical managed solution

Why IoT Security Is So Critical

By Ben Dickson (@bendee983) as written on techcrunch.com
Twenty years ago, if you told me my phone could be used to steal the password to my email account or to take a copy of my fingerprint data, I would’ve laughed at you and said you watch too much James Bond. But today, if you tell me that hackers with malicious intents can use my toaster to break into my Facebook account, I will panic and quickly pull the plug from the evil appliance.
Welcome to the era of the Internet of Things (IoT), where digitally connected devices are encroaching on every aspect of our lives, including our homes, offices, cars and even our bodies. With the advent of IPv6 and the wide deployment of Wi-Fi networks, IoT is growing at a dangerously fast pace, and researchers estimate that by 2020, the number of active wireless connected devices will exceed 40 billion.
The upside is that we are able to do things we never before imagined. But as with every good thing, there’s a downside to IoT: It is becoming an increasingly attractive target for cybercriminals. More connected devices mean more attack vectors and more possibilities for hackers to target us; unless we move fast to address this rising security concern, we’ll soon be facing an inevitable disaster.

IoT Vulnerabilities Open Up New Possibilities To Hackers

Some of the more frightening vulnerabilities found on IoT devices have brought IoT security further up the stack of issues that need to be addressed quickly.
Earlier this month, researchers found critical vulnerabilities in a wide range of IoT baby monitors, which could be leveraged by hackers to carry out a number of nefarious activities, including monitoring live feeds, changing camera settings and authorizing other users to remotely view and control the monitor.
In another development, it was proven that Internet-connected cars can be compromised, as well, and hackers can carry out any number of malicious activities, including taking control of the entertainment system, unlocking the doors or even shutting down the car in motion.
Wearables also can become a source of threat to your privacy, as hackers can use the motion sensors embedded in smartwatches to steal information you’re typing, or they can gather health data from smartwatch apps or health tracker devices you might be using.
Some of the most worrisome cases of IoT hacks involve medical devices and can have detrimental — perhaps fatal — consequences on patients’ health.

What Is being Done To Secure The IoT?

The silver lining is that IoT security, previously ignored, has now become an issue of high concern, even at the federal government level. Several measures are already being taken to gap holes and prevent security breaches at the device level, and efforts are being led to tackle major disasters before they come to pass.
After the Jeep Cherokee hack, automaker Fiat scrambled to have the problem fixed and quickly issued a safety recall for 1.4 million U.S. cars and trucks to install a security update patch. The whole episode also served as a wakeup call for the entire IoT industry.
Now security firms and manufacturers are joining ranks to help secure the IoT world before it spins out of control. Digital security company Gemalto is planning to use its experience in mobile payments to help secure IoT devices. Gemalto will be offering its Secure Element (SE) technology to automotive and utility companies. SE is a tamper-resistant component that gets embedded into devices to enable advanced digital security and life-cycle management via encryption of and access-control limitation to sensitive data.
Microsoft also is entering the fray, and has promised to add BitLocker encryption and Secure Boot technology to the Windows 10 IoT, the software giant’s operating system for IoT devices and platforms such as the Raspberry Pi. BitLocker is an encryption technology that can code entire disk volumes, and it has been featured in Windows operating systems since the Vista edition. This can be crucial to secure on-device data. Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer. Its implementation can prevent device hijacking.
The IoT security issue has also given rise to new alliances. A conglomeration of leading tech firms, including Vodafone, founded the Internet of Things Security Foundation, a non-profit body that will be responsible for vetting Internet-connected devices for vulnerabilities and flaws and will offer security assistance to tech providers, system adopters and end users. IoTSF hopes to raise awareness through cross-company collaboration and encourage manufacturers to consider security of connected devices at the hardware level.
“The opportunity for IoT is staggering,” said John Moor, a spokesperson for IoTSF. “However, there are ever-real security challenges that accompany those opportunities.” Moor stressed the importance to address security from the start. “By creating a dedicated focus on security,” he promised, “our intention is simple — drive excellence in IoT security. IoTSF aims to be the home for providers, adopters and beneficiaries of IoT products and services.”
Other companies are working on setting up platforms that will enable large networks of IoT devices to identify and authenticate each other in order to provide higher security and prevent data breaches.
There also is research being conducted to enhance IoT security through device and smartphone linking. The effort is being led by experts at the University of South Hampton, who believe smartphones can help overcome IoT devices’ limits in user interfaces and complexities in networking.

What More Needs To Be Done?

While the effort to tackle security issues regarding IoT devices is laudable, it isn’t enough to ensure that we can leverage the full power of this new technology in a secure environment.
For one thing, the gateways that connect IoT devices to company and manufacturer networks need to be secured as well as the devices themselves. IoT devices are always connected and always on. In contrast to human-controlled devices, they go through a one-time authentication process, which can make them perfect sources of infiltration into company networks. Therefore, more security needs to be implemented on these gateways to improve the overall security of the system.
Also of concern are huge repositories where IoT data is being stored, which can become attractive targets for corporate hackers and industrial spies who rely on big data to make profits. In the wake of massive data breaches and data theft cases we’ve seen in recent years, more effort needs to be made to secure IoT-related data to ensure the privacy of consumers and the functionality of businesses and corporations.
There also must be a sound plan for installing security updates on IoT devices. Each consumer will likely soon own scores — if not hundreds — of connected devices. The idea of manually installing updates on so many devices is definitely out of the question, but having them automatically pushed by manufacturers also can be a risky business. Proper safeguards must be put in place to prevent updating interfaces from becoming security holes themselves.
What is evident is that the IoT will become an important part of our lives very soon, and its security is one of the major issues that must be addressed via active participation by the entire global tech community. Will we be able to harness this most-hyped, emerging technology that will undoubtedly revolutionize the world, or will we end up opening a Pandora’s Box that will spiral the world into a new age of mayhem and chaos? Let’s hope for the former.
Source: techcrunch.com/2015/10/24/why-iot-security-is-so-critical/

China hacked into the federal gov network, compromising 4 million employees' info. The Post's Ellen Nakashima talks about what kind of national security risk this poses and why China wants this information.

By Ellen Nakashima as written on The Washington Post - June 2015.
China hacked into the federal government’s network, compromising four million current and former employees' information. The Post's Ellen Nakashima talks about what kind of national security risk this poses and why China wants this information. (Alice Li/The Washington Post)
Hackers working for the Chinese state breached the computer system of the Office of Personnel Management in December, U.S., and the agency will notify about 4 million current and former federal employees that their personal data may have been compromised.
The hack was the largest breach of federal employee data in recent years. It was the second major intrusion of the same agency by China in less than a year and the second significant foreign breach into U.S. government networks in recent months.Last year, Russia compromised White House and State Department e-mail systems in a campaign of cyber­espionage.
The OPM, using new tools, discovered the breach in April, according to officials at the agency who declined to discuss who was behind the hack.
Other U.S. officials, who spoke on the condition of anonymity, citing the ongoing investigation, identified the hackers as being state-sponsored.
One private security firm, iSight Partners, says it has linked the OPM intrusion to the same cyber­espionage group that hacked the health insurance giant Anthem. The FBI suspects that that intrusion, announced in February, was also the work of Chinese hackers, people close to the investigation have said.
The intruders in the OPM case gained access to information that included employees’ Social Security numbers, job assignments, performance ratings and training information, agency officials said. OPM officials declined to comment on whether payroll data was exposed other than to say that no direct-
deposit information was compromised. They could not say for certain what data was taken, only what the hackers gained access to.
“Certainly, OPM is a high-value target,” Donna Seymour, the agency’s chief information officer, said in an interview. “We have a lot of information about people, and that is something that our adversaries want.”
The personal information exposed could be useful in crafting “spear-phishing” e-mails, which are designed to fool recipients into opening a link or an attachment so that the hacker can gain access to computer systems. Using the stolen OPM data, for instance, a hacker might send a fake e-mail purporting to be from a colleague at work.
After the earlier breach discovered in March 2014, the OPM undertook “an aggressive effort to update our cybersecurity posture, adding numerous tools and capabilities to our networks,” Seymour said. “As a result of adding these tools, we were able to detect this intrusion into our networks.”
“Protecting our federal employee data from malicious cyber incidents is of the highest priority at OPM,” Director Katherine Archuleta said in a statement.
In the current incident, the hackers targeted an OPM data center housed at the Interior Department. The database did not contain information on background investigations or employees applying for security clear­ances, officials said.
By contrast, in March 2014, OPM officials discovered that hackers had breached an OPM system that manages sensitive data on federal employees applying for clearances. That often includes financial data, information about family and other sensitive details. That breach, too, was attributed to China, other officials said. OPM officials declined to comment on whether the data affected in this incident was encrypted or had sensitive details masked. They said it appeared that the intruders are no longer in the system.
“There is no current activity,” an official said. But Chinese hackers frequently try repeat intrusions.
Seymour said the agency is working to better protect the data stored in its servers throughout the government, including by using data masking or redaction. “We’ve purchased tools to be able to implement that capability for all” the data, she said.
Among the steps taken to protect the network, the OPM restricted remote access to the network by system administrators, officials said. When the OPM discovered the breach, it notified the FBI and the Department of Homeland Security.
A senior DHS official, who spoke on the condition of anonymity because of the ongoing investigation, said the “good news” is that the OPM discovered the breach using the new tools. “These things are going to keep happening, and we’re going to see more and more because our detection techniques are improving,” the official said.
FBI spokesman Josh Campbell said his agency is working with DHS and OPM officials to investigate the incident. “We take all potential threats to public- and private-sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace,” he said.
The intruders used a “zero-day” — a previously unknown cyber-tool — to take advantage of a vulnerability that allowed the intruders to gain access into the system.
[Why the Internet’s massive flaws may never get fixed]
China is one of the most aggressive nations targeting U.S. and other Western states’ networks. In May 2014, the United States announced the indictments of five Chinese military officials for economic cyber­espionage — hacking into the computers of major steel and other companies and stealing plans, sensitive negotiating details and other information.
“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”
Rep. Adam B. Schiff (Calif.), ranking Democrat on the House Intelligence Committee, said the past few months have seen a massive series of data breaches affecting millions of Americans.
“This latest intrusion . . . is among the most shocking because Americans may expect that federal computer networks are maintained with state-of-the-art defenses,” he said. “The cyberthreat from hackers, criminals, terrorists and state actors is one of the greatest challenges we face on a daily basis, and it’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue.”
Colleen M. Kelley, president of the nation’s ­second-largest federal worker union, the National Treasury Employees Union, said her organization “is very concerned” about the breach. “Data security, particularly in an era of rising incidence of identity theft, is a critically important matter,” she said.
“It is vital to know as soon as possible the extent to which, if any, personal information may have been obtained so that affected employees can be notified promptly and encouraged to take all possible steps to protect themselves from financial or other risks,” she said.
Lisa Rein contributed to this report.
Source: WashingtonPost.com