Breach, Data Security, Threat Management

The eBay breach explained

It has grown increasingly common to wake up in the morning and read about yet another huge data breach that has struck a massive organization with an important online presence. One of the latest has happened to eBay, the online auction house giant that is one of the most widely used services in the history of the internet.

A phishing attack is one that would essentially attempt to trick eBay employees into giving up important security credentials that could then be used by attackers to infiltrate the site. An attacker might go to LinkedIn, for example, and look for employees of eBay. Using LinkedIn they could then get important names and correlate that data with social media posts, accounts, and other sites. The employee in question would then be sent an email with an embedded link to click on. When the link was executed, malware would be installed on the computer and the attacker would gain control of the machine in question.

Social engineering is a bit of a different concept. An attacker would initially use email to make contact with the eBay employee and would then follow up with a phone call. The victim in question would already have a false sense of security because they would be waiting for the call. The call would then be used to persuade the employee to click on the link, which would install the same type of malware.

eBay has been understandably slow to verify any of these details, if they even know the details themselves at this point. Because there were over 100 employees involved in the breach, however, it looks like one of these two methods was used to carry out the infiltration.

Phishing attacks and social engineering attacks are surprisingly common in both the United States and Europe. When these types of attacks are carried out, a two-pronged approach is much more effective as it essentially tricks the victim into thinking that they are speaking with someone legitimate.

One of the most interesting bits of information to come out of the eBay breach is that the attacker had complete access to their network for 229 days. That may seem like a long time, but in reality it's quite short with regards to data breaches. With a data breach, the attacker needs to be careful to avoid getting detected for as long as possible.

The goal is to move through the network without creating an event, which would send up red flags and could get them kicked off the network entirely before they are able to accomplish what they set out to do. Attackers will actually attempt to penetrate a network only a few times a day — every day — until they get in, so that they don't cause an event or incident at all.

From the perspective of a security team like the one eBay employs, the goal is to get that 229 day average intrusion time down to single-digit days or even a week. This type of progress requires 24-hours-a-day, seven-days-a-week network monitoring to be successful.

For the best possible chance at preventing the type of data breach that struck eBay, a proper defense strategy must be implemented. This involves the use of a variety of different layers that can help identify and prevent breaches at various points during an intrusion attempt.

A host layer, for example, includes malware specific software, file integrity management, web browser protection, and more. The server layer will have its own centralized log management solution, password rotation on a regular basis and anti-virus protection for all servers. The network layer includes a centralized patch management solution, the ability to utilize a security scanner regularly, and a firewall with tight access controls.

A security layer would include deep packet forensics collection, forensics solutions for investigations, security incident event monitoring, and more. All of these layers would be monitored 24/7 to identify intrusion attempts at various stages and to help ward off attackers at all points during the traditional intrusion processes.

These methods require a well-trained staff, but when executed properly they can act as a type of insurance policy to help prevent just the type of situation that eBay currently finds itself in.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.