Finjan, which has discovered similar caches of data in the past, has found a server housing more than five thousand unique log files. According to the security company, the logs contained sensitive communications from well-known businesses and personal information from individuals, all captured from infected computers.
Should you be worried about the information stored on this server, or about the fact that the network the information came from was compromised?
Finjan’s Malicious Code Research Center (MCRC) detected the server, which was used as a Command and Control (C&C) server for the malware executed on infected PCs. The same server was also the drop-off point for private information harvested by the malware. The C&C server allowed the attacker to harvest information and control the infected systems. The other issue, as Finjan explained, was that the captured data was left unprotected and available to anyone online, malicious or otherwise. (Note: This should come as no surprise. Why would a criminal care if the data they stole was left unprotected for others to access?)
The data came from all around the world and contained information from individuals and businesses, as well as renowned organizations, including healthcare providers. The server contained, among others, 571 log files from the US, 621 from Germany, 322 from France, 308 from India, 232 from Great Britain, 150 from Spain, 86 from Canada, 58 from Italy, 46 from the Netherlands, and 1,037 from Turkey.
The data in the files varies from patient data and records to bank data on customers, business-related email, and, in a few cases, captured Outlook accounts with email communications.
“This report provides a unique example of the type and amount of data today’s cybercriminals are collecting. [Malware] infected PCs are a serious business problem that requires proactive action since it is no longer just a technical IT problem. The existence of a large amount of data on a server that hackers can easily manage and control shows the rapid evolution of cybercrime,” said Yuval Ben-Itzhak, CTO of Finjan. “We entered a new era in which criminals just need to log into their ‘data supplier’ and download any information suitable for them to conduct their crime – be it financial fraud, industrial espionage, or identity theft.”
Not to understate the severity of the issue, which is serious after all, but fraud, espionage, and identity theft have always been goals for criminals, especially criminals in the technological age. With data being stored on computers, and those computers being exposed to the public either by legitimate or malicious means, the information is there and available to anyone with the knowledge or means to grab it. Tip of the iceberg or not, this is nothing new to security people.
Finjan did the right thing and alerted both the companies and law enforcement, though what good that will do is unknown. The data was captured from malware-infected users, which points to a larger problem for the businesses involved.
Do you want to prevent your data from ending up on data collection points like the one discovered by Finjan? Lock up and lock down the data on your network. Secure from the inside out, and that will get you started on the right foot.