Malware At Massachusetts Unemployment Office Leads To Data Breach

By Author: Apple Tan
Total Articles: 68
Comment this article

An aggressive worm known for stealing sensitive information, Qakbot, was found on the computer network for agencies handling unemployment claims in Massachusetts. Cyber-criminals may have used this malware to steal personal information from the Massachusetts unemployment offices, according to the Executive Office of Labor and Workforce Development (EOLWD).
As many as 1,500 computers in the Departments of Unemployment Assistance and Career Services were infected with a virus beginning April 20, according to a statement made by the Massachusetts Executive Office of Labor and Workforce Development on May 17. Computers in the mobile One Stop Career Centers that work with claimants were also infected. Even though EOLWD immediately worked with Symantec to remove the malware, W32.QAKBOT, it learned on May 16 that the infection hadn’t been “remediated as originally believed,” leading to a data breach.
There is a possibility that as a result of the infection, the virus collected confidential claimant or employer information. This information may include names, Social Security Numbers, Employer Identification ...
... Numbers, email addresses and residential or business addresses. It is possible that bank information of employers was also transmitted through the virus.
In all, the agency believes the impact was limited to 1,200 employers who file information manually. At the same time, there is no way to assess the number of individuals affected by the potential breach, as “businesses that file their quarterly statements manually (about 1,200 of 180,000) may have had identifying information transmitted through the virus”. “For a claimant to have been impacted, a staff person would have had to key in sensitive information at an infected work station,” the statement added.
"I apologize to our customers and recognize that this is an unwanted problem,” Joanne F. Goldstein, Secretary of Labor and Workforce Development said in a statement.  “We are in the process of individually notifying all residents whom we think could be impacted and have advised all relevant and necessary state and federal agencies of the situation. We are doing everything possible to provide assistance in how to protect their identities and credit to those affected," said Joanne F. Goldstein.
EOLWD advises that anyone who conducted business from April 19 – May 13 requiring a staff person to access your file on-line with DCS, DUA or at a One Stop Career Center should take the necessary precautions as outlined below. All claimants will receive letters advising them of the breach and the information on how they can further protect themselves.
Qakbot has been around for some time. First discovered in 2009, the Malware spreads via several sources, including network shares. At one time it leveraged vulnerabilities in Apple’s QuickTime and Internet Explorer to target victims. Qakbot is able to gather various kinds of data on an infected system including OS and network information, keystrokes, stored FTP and email login details, targeted banking data, as well as usernames and passwords stored within a browser.
“While W32.Qakbot has multiple capabilities, its ultimate goal is clearly theft of information. Identification theft is big business in the underground world of cybercrime and the more data a threat can steal, the bigger the profit that can be made,” Symantec’s profile on the Malware explains.
Qakbot is especially aggressive and normally targets online banking, although it has the ability to mutate itself to switch targets and change its methods. The cyber-criminals behind the infection could have remotely instructed the virus to go after names, addresses and Social Security numbers stored in the state systems instead of focusing on banking sites, said Roel Schouwenberg, an antivirus researcher at Kaspersky Lab.
The department is currently contacting all affected residents and has already notified “all relevant and necessary” state and federal agencies for assistance in remediating the breach. It is evident that government departments and organizations need to take proper measures to safeguard their network security, including hiring highly trained information security in order to prevent an information security breach. Information security professionals can increase their information security knowledge and skills by embarking on highly technical and advanced training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT).
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced IT security trainings for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing, malware analysis, advanced social engineering, cryptography, digital mobile forensics training, and web application security, among others information security training.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).