Recent Serious Data Breach Could See Millions Of Online Users Become Victims Of Targeted Malware Att

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

Lately, it has been very often that we hear big name companies suffer serious data breach. The latest breach is reported to be on a smaller scale, but no less serious. Ashampoo, a German maker of Windows utilities and security software, warned this week that customer names and e-mail addresses were stolen and could be used in targeted malware attacks.
Apparently hackers managed to break into one of Ashampoo’s servers that held customer data. Rolf Hilchner, CEO of Ashampoo, has posted on the company’s website explaining exactly what has happened. There was a hole in their security and by using it Ashampoo customer names and e-mail addresses have been taken, but no payment and billing information was accessed. The company said, billing information such as credit card numbers was not stolen, because that data is stored on another server, operated by a contractor. The company has nearly 14 million customers, but it's not immediately clear how many have had their names and e-mail addresses stolen.
On a Web page devoted to the incident, Ashampoo warned customers that the hackers may try to say them bogus online order ...
... confirmations laced with malicious attachments. "If you for example receive a confirmation of an order from PurelyGadgets or another company without having made an appropriate purchase there, please do not open the attachment and delete the e-mail immediately," Ashampoo wrote. PurelyGadgets is a U.K.-based online retailer that said recently that scammers had been sending out fake orders, pretending that they were from the company.
On March 30th, an incident that has been described as one of the largest breaches in US history was detected. Epsilon, the world’s largest provider of permission-based email marketing was exposed by an unauthorized entry into its e-mail system. Epsilon builds and hosts customer databases for brands, making it a prime target for hackers. In many cases, the data lost is simply someone’s email address. But that is all that a hacker needs to employ a phishing attack against the customers, who will expect to have communication from these brands. But it may be carrying a virus that exposes customers to data theft if they simply open the email. These kinds of phishing attacks are likely to have a higher success rate.
Epsilon sends more than 40 billion emails a year on behalf of 2,500 brands. The breach has affected a number of those brands, including grocery retailer Kroger, TiVo, Marriott Rewards, Ritz-Carlton Rewards, US Bank, JPMorgan Chase, Capital One, Citi, McKinsey & Company, New York & Company, Brookstone, and Walgreens. Considering the scale of the breach, it is unsurprising that a number of lawmakers are requesting more information about the incident. The U.S. Secret Service is reportedly investigating the breach, as is the Australian Federal Privacy Commissioner.
The Epsilon breach came shortly after the RSA hack, a division of yet another major player in IT. RSA was subject to an Advanced Persistent Threat also known as APT, which obtained data related to RSA’s SecurID security tool rather than the unit’s corporate and governmental clients. This data may be used for a wider scale attack in the future. Facebook is also victim of online security attack. Last year Facebook apps are sending user IDs to third parties, such as advertising networks, with the knowledge of the users themselves, and Facebook still continues to raise some eyebrows concerning certain privacy issues.
The number of cyber attacks is only going to increase if organizations fail to pay attention on the vulnerabilities of their network security. Organizations need to implement robust Internet security initiatives to protect their network and their customer’s information, including hiring highly trained information security experts in order to avoid security breaches. Information security professionals can increase their information security knowledge and skills by embarking on highly technical and advanced training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of highly technically skilled information security professionals.
CAST will provide advanced technical security training covering topics such as Advanced Penetration Testing, Digital Mobile Forensics training, Application Security, Advanced Network Defense, and Cryptography. These highly technical and advanced information security training will be offered at all EC-Council hosted conferences and events, and through specially selected EC-Council Authorized Training Centers.
About EC-Council
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other information security training programs offered in over 84 countries around the globe. EC-Council has trained over 90,000 individuals in technical security training and certified more than 40,000 security professionals. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency in the lack of highly technically skilled information security professionals.