TJX, Countrywide arrests signal growing threat

The recent arrests of 11 people involved in hacking nine U.S. retailers, and of two men who stole data from Countrywide Home Loans, are just the tip of the iceberg of what's to come, according to experts in the security industry.

“The recent arrests demonstrate the essential cooperation between law enforcements around the world to fight cybercrime,” Yuval Ben-Itzhak, Finjan's chief technology officer, told SCMagazineUS.com on Wednesday. “As these criminals managed to cash out millions of dollars, other criminals will follow the pattern. We will continue to see this trend in 2009 as well.”

According to Ben-Itzhak, Finjan's second-quarter trends report indicated that its discoveries were clearly the tip of the fraud iceberg. The fact that nine major retail chains have been hacked and payment card details of 41 million cardholders were obtained confirms this once again.

“The scale of this fraud is quite breathtaking, and illustrates the professional approach that these fraudsters take,” he said. “It might be all business to them, but such a fraud leaves a lot of damage, hassle and misery for victims in its wake. For companies such as the ones victimized, safeguarding their networks and financial and business data has become a top priority.”

The Countrywide arrests point to a different, but equally disturbing, emerging landscape in identity theft: the corporate insider.

“The criminal insider takes data with the sole purpose of using it, often reselling it to third parties,” said Paul Davie, chief operating officer of database security firm Secerno. “Without examining how vulnerable their data is from insider attacks, most companies are leaving critical shortfalls in place that could be costly from both an operational and brand perspective.”

However, Davie said he sees a parallel between the two sets of arrests. In each scenario, the databases were likely not being monitored correctly.

“It's a matter of legitimate use versus normal use,” he said. IT officials need to have a good understanding of how their database is to be used so they are able to quickly notice any abnormal patterns.

Another issue, Davie added, is the continuing blurred line between who is an insider and who is considered external.

“Is a consultant internal or external?” he asked. “What about a third-party company which has access to the information?”

Alain Mayer, chief technology officer of risk management firm RedSeal Systems, agreed, telling SCMagazineUS.com that one of the biggest challenges is the complexity of networking.

“The perimeter in today's IT infrastructure is shrinking,” Mayer said. “Extranets, wireless access points and other un-trusted zones dominate the threat profile. In such an environment, internal segmentation is crucial.”

