TJX, Countrywide arrests signal growing threat

Share this article:
The recent arrests of 11 people involved in hacking nine U.S. retailers, and two men who stole data from Countrywide Home Loans, is just the tip of the iceberg of what's to come, according to experts in the security industry.

“The recent arrests demonstrate the essential cooperation between law enforcements around the world to fight cybercrime,” Yuval Ben-Itzhak, Finjan's chief technology officer, told SCMagazineUS.com on Wednesday. “As these criminals managed to cash out millions of dollars, other criminals will follow the pattern. We will continue to see this trend in 2009 as well.”

According to Ben-Itzhak, Finjan's second-quarter trends report indicated that its discoveries
were clearly the tip of the fraud iceberg. The fact that nine major retail chains have been hacked and payment card details of 41 million cardholders were obtained, confirms this once again.

“The scale of this fraud is quite breathtaking, and illustrates the professional approach that these fraudsters take," he said. "It might be all business to them, but such a fraud leaves a lot of damage, hassle and misery for victims in its wake. For companies such as the ones victimized, safeguarding their networks and financial and business data has become a top priority.”

The Countrywide arrests point to a different, but equally disturbing, emerging landscape in identity theft: the corporate insider.

“The criminal insider takes data with the sole purpose of using it, often reselling it to third parties,” said Paul Davie, chief operating officer of database security firm Secerno. “Without examining how vulnerable their data is from insider attacks, most companies are leaving critical shortfalls in place that could be costly from both an operational and brand perspective.”

However, Davie said he sees a parallel between the two sets of arrests. In each scenario, the databases were likely not being monitored correctly.

“It's a matter of legitimate use versus normal use,” he said. IT officials need to have a good understanding of how their database is to be used so they are able to quickly notice any abnormal patterns.

Another issue, Davie added, is the continuing blurred line between who is an insider and who is considered external.

“Is a consultant internal or external?” he asked. “What about a third-party company which has access to the information?”

Alain Mayer, chief technology officer of risk management firm RedSeal Systems, agreed, telling SCMagazineUS.com that one of the biggest challenges is the complexity of networking.

“The perimeter in today's IT infrastructure is shrinking," Mayer said. "Extranets, wireless access points and other un-trusted zones dominate the threat profile. In such an environment, internal segmentation is crucial.”


Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.