IT Security Stories to Watch: USPS, Home Depot Cyber Attack Updates
The United States Postal Service (USPS) today reported a “cybersecurity intrusion” into some of its information systems. Plus we have updates on the recent Home Depot breach, a look at how U.S. agencies are dealing with cyberthreats, and a new advanced persistent threat uncovered by Kaspersky Lab called Darkhotel.
But first, the USPS news. Officials at USPS have reported a cybersecurity intrusion in which perpetrators may have gained access to personally identifiable information about employees, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment and emergency contact information.
How bad was the USPS cyber attack? And what can managed service providers (MSPs) learn from it? Check out this week’s IT security stories to watch to find out:
1. USPS suffers “cybersecurity intrusion”
Reuters today reported cybercriminals recently attacked USPS, and personal information from about 500,000 USPS employees as well as data on customers who contacted its call center from January through mid-August may have been compromised.
“The postal service has recently learned of a cybersecurity intrusion into some of our information systems. We began investigating this incident as soon as we learned of it,” a USPS official said.
USPS said its transactional revenue systems in post offices as well as on usps.com have not been affected by the incident, and there is no evidence that any customer credit card information from retail or online purchases was compromised.
The FBI is working with the postal service to investigate the incident, FBI spokesperson Joshua Campbell said.
2. Home Depot releases the results of its payment breach investigation
The Home Depot (HD) in September reported 56 million customer credit cards and PIN numbers were stolen, and the multinational home improvement retailer last week said cybercriminals stole separate files that contained approximately 53 million customer email addresses too.
Cybercriminals used a third-party vendor’s username and password to access Home Depot’s network as part of a cyber attack against the home improvement retailer, according to a Home Depot report on the retailer’s payment breach investigation.
Other report results included:
- Hackers were able to navigate portions of Home Depot’s network and deploy custom-built malware to evaluate the retailer’s American and Canadian systems.
- Hackers stole credentials that did not provide direct access to the company’s point-of-sale (POS) devices.
- The malware used in the attack had not been seen in any prior attacks and was designed to evade detection by antivirus software.
Several IT security experts have already called the Home Depot data breach “the biggest hack in the history of American retail,” and Home Depot officials said costs related to the data breach “may have a material adverse effect” on the company’s financial results in the fourth quarter of fiscal 2014.
3. Are U.S. agencies struggling against cybercriminals?
The Associated Press today reported U.S. Computer Emergency Readiness Team (CERT) data revealed the number of reported breaches just on federal computer networks rose from 26,942 in 2009 to 46,605 in 2013.
AP researchers also found 21 percent of all federal breaches were traced to government workers.
“We’ll always be vulnerable to … human-factor attacks unless we educate the overall workforce,” said Eric Rosenbach, the U.S. Department of Defense’s assistant secretary of defense for homeland defense and global security.
4. Kaspersky Lab investigates “Darkhotel” espionage campaign
Kaspersky Lab, the antivirus software company, noted Darkhotel typically affects travelers who are staying at luxury hotels and “drives its campaigns by spear-phishing targets with highly advanced Flash zero-day exploits that effectively evade the latest Windows and Adobe defenses.”
“[Darkhotel] has operational competence, mathematical and crypto-analytical offensive capabilities and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision,” Kurt Baumgartner, Kaspersky’s principal security researcher, said in a prepared statement.
Kaspersky offered the following recommendations for corporate executives to safeguard their sensitive data against Darkhotel:
- Choose a Virtual Private Network (VPN) provider for an encrypted communication channel when accessing public or semi-public Wi-Fi.
- Always regard software updates as suspicious when traveling. Confirm that the proposed update installer is signed by the appropriate vendor.
- Ensure your Internet security solution includes proactive defense against new threats rather than just basic antivirus protection.
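One way to carry out the signature check in the second recommendation on Windows, as an added PowerShell example that is not from Kaspersky or the original article. The function name, the publisher string, the optional pinned thumbprint and the 2048-bit RSA key floor are assumptions chosen for illustration.

```powershell
# Added example: check an update installer's Authenticode signature before running it.
# Function name, parameters and the key-size floor are assumptions, not from the article.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher,  # vendor name exactly as in the certificate CN
        [string] $ExpectedThumbprint,                         # optional pin, obtained from the vendor out of band
        [int] $MinRsaKeyBits = 2048
    )
    $sig = Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction Stop
    $problems = @()

    # 'Valid' means the hash matches and the chain builds to a trusted root on this machine.
    if ($sig.Status -ne 'Valid') {
        $problems += "signature status is $($sig.Status): $($sig.StatusMessage)"
    }

    $cert = $sig.SignerCertificate
    if (-not $cert) {
        $problems += 'file carries no signer certificate'
    } else {
        # Exact comparison: a substring match would accept look-alike publisher names.
        $cn = $cert.GetNameInfo('SimpleName', $false)
        if ($cn -ne $ExpectedPublisher) {
            $problems += "signed by '$cn', expected '$ExpectedPublisher'"
        }
        if ($ExpectedThumbprint -and
            $cert.Thumbprint -ne ($ExpectedThumbprint -replace '\s', '').ToUpper()) {
            $problems += "thumbprint $($cert.Thumbprint) does not match the pinned value"
        }
        # A validly chained certificate with a short RSA key is still treated as untrusted here.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        if ($rsa -and $rsa.KeySize -lt $MinRsaKeyBits) {
            $problems += "signer uses a $($rsa.KeySize)-bit RSA key"
        }
    }

    [pscustomobject]@{
        Path     = $Path
        Trusted  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed usage; the file name and publisher are placeholders:
# Test-InstallerSignature -Path .\update_setup.exe -ExpectedPublisher 'Example Vendor Inc.'
```

An installer is worth running only when `Trusted` is true; any entry in `Problems` is a reason to fetch the update directly from the vendor over a trusted network instead.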
Kaspersky added the most recent Darkhotel targets included top executives from the U.S. and Asia who were doing business and investing in the Asia-Pacific region.