
Geek Post Alert! Epsilon Breach & RSA Follow-Up

Posted by Brandie on April 7, 2011 in Information Security |

Most of you have probably received at least one email from a company notifying you that your email address was stolen in the recent Epsilon breach. So far this is the most complete list I have found of the companies whose email lists were breached:

1-800-Flowers, AbeBooks, Air Miles, Ameriprise Financial, Barclays Bank, Beachbody, bebe Stores, Best Buy, Brookstone, Capital One, City Market, Citi, Dillons, Disney Destinations, Eileen Fisher, Ethan Allen, Food 4 Less, Fred Meyer, Fry’s, Hilton Honors Program, Home Shopping Network (HSN), Jay C, JPMorgan Chase, King Soopers, Kroger, Lacoste, LL Bean Visa Card, Marriott Rewards, McKinsey & Company, MoneyGram, New York & Company, QFC, Ralphs, Red Roof Inn, Ritz-Carlton Rewards, Robert Half, Target, The College Board, TD Ameritrade, TiVo, US Bank, Walgreens

The report is that 2% of Epsilon's 2,500+ clients had their email lists breached – but no financial data.

It is time to dust off the reminder on phishing and remind everyone that the best thing you can do to make sure this breach doesn’t impact you is to not click on email links and not open email attachments.

I know that sounds impossible. You may get photos or drawings from grandkids, etc., and you just have to open what is sent.

The problem is, your Uncle Bob or Little Joe did click on a link, got infected, and sent you a virus.

Honestly, with Facebook, Picasa and Flickr around, there are so many avenues to post photos and provide updated information to folks that you may be able to avoid many of those attachments. Other than that, only open attachments when you know someone is sending one. If you get a document from someone, just email them right back and ask if they really meant to send it. If they did, open away; if not, that one email may have saved you a bunch of trouble.

As details on the breach come out, I will let you know what happened at Epsilon, but please just remember: as convenient as email is, it can be brutal. To point out how bad, I will transition to my RSA follow-up.

Email did it.

I have privately told some of my students and others that the breach at RSA had to have internal components, and it looks like it did. From a couple of reliable sources, this is the story behind the RSA breach.

Apparently there was an email specifically crafted and directed toward a couple of technical teams within RSA. The email went into the spam folder on their system; however, one RSA person went into the spam folder and found the email titled “2011 Recruitment Plan”. Once that email was opened, there was an Excel spreadsheet attached by the same name. The RSA employee opened the .xls (Excel) spreadsheet, launching an embedded Adobe Flash Video which exploited a known Flash vulnerability (which has since been patched by Adobe).

At this point, you should visualize a long row of dominos you set up. It really did take a string of events for this breach to succeed.

The Flash exploit installed a RAT (remote access trojan), which proceeded to phone home. The trojan reached out to a pre-defined address on the Internet, enabling the “bad guy” to remotely control the computer inside RSA just as if he were sitting there. From there, they were able to copy and steal information.

Is that scary enough for ya?

Just from an email, this large security firm suffered one of the worst breaches of the last decade in information security.

Now do you see why the Epsilon breach and bad folks having your email can be dangerous?

Please, please, please be careful, it's a jungle out there…

Copyright © 2011-2024 Busy Making Plans All rights reserved.