November 27, 2012
Spear Phishing Attack Cause of Massive South Carolina Data Breach
It will come as no surprise to regular readers of this blog, but it was revealed this week that a recent, massive data breach at the South Carolina Department of Revenue -- which exposed "millions of Social Security numbers, bank account information and thousands of credit and debit card numbers" according to SearchSecurity -- started with a phishing attack around mid-August 2012.
According to the official response report (South Carolina Department of Revenue, Public Incident Response Report, November 20, 2012), "A malicious (phishing) email was sent to multiple Department of Revenue employees. At least one Department of Revenue user clicked on the embedded link, unwittingly executed malware, and became compromised. The malware likely stole the user’s username and password."
Later, the attacker logged into a remote access service using compromised user credentials and began an ongoing process of escalating privileges and installing malware on compromised servers. Potentially stolen information exfiltrated by the attacker totalled more than 74 Gigabytes of data.
SearchSecurity's coverage (see, "Phishing attack, stolen credentials sparked South Carolina breach") notes that, "In addition to the 3.8 million people whose data were exposed, the breach included information on 1.9 million dependents. It also included data on 699,900 businesses. Information on 3.3 million bank accounts were also stolen."
SC Magazine also has a good summary of this attack and the phishing attack that ulitmately lead to the release of confidential information (see, "S.C. tax breach began when employee fell for spear phish").
If you're interested in the methods and motives of today's advanced targeted attackers, you'll want to join us for our next live web seminar, "Targeted Hybrid Attacks on Organizations:
2012 & Beyond," on Wednesday, December 5 (11 AM PT / 2 PM ET).
Forrester Research security analyst Rick Holland will be on hand to discuss the South Carolina breach as just the latest example of spear phishing-lead attacks, why organizations keep getting phished, and how to apply today's email security solutions to keep your enterprise's most valuable data secure.
Follow the link above to register, or simply complete the form below: