
TJX, Countrywide arrests signal growing threat

The recent arrests of 11 people involved in hacking nine U.S. retailers, and of two men who stole data from Countrywide Home Loans, are just the tip of the iceberg of what's to come, according to experts in the security industry.

“The recent arrests demonstrate the essential cooperation between law enforcements around the world to fight cybercrime,” Yuval Ben-Itzhak, Finjan's chief technology officer, said on Wednesday. “As these criminals managed to cash out millions of dollars, other criminals will follow the pattern. We will continue to see this trend in 2009 as well.”

According to Ben-Itzhak, Finjan's second-quarter trends report indicated that its discoveries were clearly the tip of the fraud iceberg. The fact that nine major retail chains have been hacked and payment card details of 41 million cardholders were obtained confirms this once again.

“The scale of this fraud is quite breathtaking, and illustrates the professional approach that these fraudsters take,” he said. “It might be all business to them, but such a fraud leaves a lot of damage, hassle and misery for victims in its wake. For companies such as the ones victimized, safeguarding their networks and financial and business data has become a top priority.”

The Countrywide arrests point to a different, but equally disturbing, emerging landscape in identity theft: the corporate insider.

“The criminal insider takes data with the sole purpose of using it, often reselling it to third parties,” said Paul Davie, chief operating officer of database security firm Secerno. “Without examining how vulnerable their data is from insider attacks, most companies are leaving critical shortfalls in place that could be costly from both an operational and brand perspective.”

However, Davie said he sees a parallel between the two sets of arrests. In each scenario, the databases were likely not being monitored correctly.

“It's a matter of legitimate use versus normal use,” he said. IT officials need to have a good understanding of how their database is to be used so they are able to quickly notice any abnormal patterns.

Another issue, Davie added, is the continuing blurred line between who is an insider and who is considered external.

“Is a consultant internal or external?” he asked. “What about a third-party company which has access to the information?”

Alain Mayer, chief technology officer of risk management firm RedSeal Systems, agreed, saying that one of the biggest challenges is the complexity of networking.

“The perimeter in today's IT infrastructure is shrinking,” Mayer said. “Extranets, wireless access points and other un-trusted zones dominate the threat profile. In such an environment, internal segmentation is crucial.”
