Hackers have hit Japan’s pension system, getting away with over 1.25 million files of personally identifying information. An external e-mail virus was used to breach Japan Pension Service staff computers, according to the system’s president Toichiro Mizushima, who apologized for the leak.
John Humphreys, CMO and co-founder of managed security service provider Proficio, told us this attack and the recent IRS data breach make it clear that government systems are increasingly at risk of being targeted by cybercriminals who want to steal and monetize personal identity data. In late May, the IRS revealed that fraudsters had accessed the archived federal tax filings of 100,000 taxpayers.
His best advice: “Agencies collecting and storing personal identifying information should review their security systems and controls to address this threat.”
Philip Lieberman, president of cyberdefense firm Lieberman Software, told us the APAC region -- and Japan in particular -- has been a region that has resisted adopting modern security technologies.
“The breach at Sony is typical of a culture that does not recognize the risks they are taking in a world of Internet-connected systems,” he said. “As a company we see the APAC region as an especially attractive region for criminals to exploit based on their wealth as well as lack of security.”
Bad Anniversary Breaches
We turned to Igor Baikalov, chief scientist at security analytics firm Securonix, to get a broader view of the security incident. He told us it seems like a round of anniversary breaches.
Heartland on Monday celebrated the seventh anniversary of the worst breach in the history of the connected world that took place back in 2008 -- when 130 million credit and debit cards were compromised -- by announcing a new incident that involves payroll information.
On top of that, Japan Pension Service celebrated the eighth anniversary of the pension-records scandal that cost Prime Minister Abe an election in 2007 by announcing this recent computer breach that exposed some 1.25 million files containing personal information.
What We Can Learn
What can we learn from these repeat incidents? Baikalov said past failures didn’t seem to improve future security in either organization.
“Download of infected e-mail, execution of the malicious attachment, account compromise, remote access, and subsequent data exfiltration are the most likely steps in the pension system hack that were either not detected or not connected together into the kill chain of the attack,” Baikalov said.
“Apparently, both antivirus control and data loss prevention failed in this scenario, and there were no user behavior analytics or anomaly detection engine employed that could detect account misuse and suspicious data movement,” he added. “As in the Heartland scenario, sensitive data was not encrypted and can inflict substantial damage if used for identity theft or financial fraud.”
Posted: 2015-06-06 @ 11:12am PT
People rely on unsafe software made by Intuit. If the IRS really has been hacked, it is due to lack of security in Intuit software. The talk that Russia or China may have carried out the process of hacking it is all a false story. After bribing investigators in the case of Intuit tax fraud and then fabricating the story to cover up the security leaks in Intuit's products and the truth about that the IRS hacked from inside Intuit by well known employees.
Intuit Tax Fraud story started after I had reported the security leaks in QuickBooks. After that, what happened is a considerable disagreement between the ex-employee -- the so-called whistleblower -- and the managers.
Why? Because the ex-employee and some IT security engineers concealed my report for about six months.
This video is the real reason behind Intuit Tax Fraud story.
The Cyber Security Place:
Posted: 2015-06-03 @ 1:18am PT
Nice Informative Article. Thanks. www.thecybersecurityplace.com