The Few Major IT Security Incidents in the Year 2011-2012: Key Learnings



Following are the five most significant security breaches of 2011-2012.

1. April/May Sony PlayStation Network: More than 100 million users of Sony Corp.'s online gaming platform had their accounts breached in what remains the most widespread cyber attack of the year. The potential cost to Sony has been estimated to range as high as US$24 billion. Sony discovered an external intrusion on PlayStation Network (PSN) and its Qriocity music service around April 19 and on April 22 blocked users from playing online games or accessing services such as Netflix and Hulu Plus; the outage lasted seven days. Sony believes the attacker(s) obtained names, addresses, email addresses, dates of birth, PSN/Qriocity login credentials and online IDs, and may also have taken purchase histories, billing addresses and password security questions. Over the following months Sony established that about 101.6 million records had been accessed across PSN, Qriocity and Sony Online Entertainment, and that an outdated 2007 database had exposed about 12,700 non-US credit or debit card numbers and about 10,700 direct debit records.

Key Learnings: Sony took about a week after detecting the intrusion to notify customers, and its early statements neither assured them that their card data was safe nor made clear how their passwords had been stored.

Even now it is not clear whether Sony gave customers the specific information they needed to protect themselves. A decommissioned database from 2007, still reachable from the compromised environment, held unencrypted credit, debit and direct debit details. Similarly, a 2001 sweepstakes winners list, with names and postal codes, was taken because it sat as a world-readable Excel spreadsheet on an insecure web server. Sony did not properly audit its public-facing websites for accidental disclosure, and no version-control or publishing process ensured that what was actually served matched what was meant to be published.
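As an added example, not part of the original write-up, the following Python script does the kind of check the Sony case calls for: walk a public web root, flag exported data files (spreadsheets, SQL dumps, backups) that should never be served, note whether they are world-readable, and grep every file for Luhn-valid card-like numbers so that a stray 2007 card dump is caught before an intruder finds it. The directory layout and file contents built in demo() are constructed sample data; the file-type list and the read-size cap are the editor's assumptions, not anything Sony published.

```python
import os
import re
import stat
import tempfile

# Assumed list of export/backup types that should not sit under a public web root.
RISKY_SUFFIXES = (".xls", ".xlsx", ".csv", ".sql", ".bak", ".old", ".zip", ".mdb")

# 13-19 digit runs, optionally separated by spaces or dashes, as card numbers are printed.
CARD_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

MAX_READ = 1_000_000  # assumed cap on bytes scanned per file


def luhn_valid(number: str) -> bool:
    """Luhn checksum; weeds out order numbers and other random digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return the Luhn-valid card-like numbers found in text."""
    return [m.group(0) for m in CARD_PATTERN.finditer(text) if luhn_valid(m.group(0))]


def scan_webroot(root: str) -> list:
    """Walk a web root and report files an attacker could simply download.

    Each finding is (path relative to root, reason)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower().endswith(RISKY_SUFFIXES):
                perms = os.stat(path).st_mode
                readable = "world-readable" if perms & stat.S_IROTH else "not world-readable"
                findings.append((rel, f"exported data file under web root ({readable})"))
            with open(path, "rb") as fh:
                text = fh.read(MAX_READ).decode("utf-8", errors="ignore")
            cards = find_card_numbers(text)
            if cards:
                findings.append((rel, f"{len(cards)} Luhn-valid card-like number(s)"))
    return sorted(findings)


def demo() -> list:
    """Build a constructed web root in a temp dir and scan it (sample data, not real)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "exports"))
    os.makedirs(os.path.join(root, "backup"))
    # Harmless page: the digit run is an order reference that fails the Luhn check.
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html><body>Order ref 1234567890123456</body></html>\n")
    # Stray spreadsheet of names and postcodes, like the 2001 winners list in the text.
    xls_path = os.path.join(root, "exports", "winners_2001.xls")
    with open(xls_path, "w") as fh:
        fh.write("name,postcode\nA. Example,AB1 2CD\n")
    os.chmod(xls_path, 0o600)
    # Legacy dump holding a test card number (4111... is a well-known test PAN).
    sql_path = os.path.join(root, "backup", "legacy_2007.sql")
    with open(sql_path, "w") as fh:
        fh.write("INSERT INTO cards VALUES ('A. Example', '4111111111111111');\n")
    os.chmod(sql_path, 0o644)  # world-readable, as the spreadsheet in the text was
    return scan_webroot(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Run it against a real document root instead of the temp directory by calling scan_webroot("/var/www/html"); anything it reports should either be removed or be something you consciously intend to publish.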

2. April Epsilon: Epsilon, an email marketing service provider, reported a breach affecting approximately 75 of its client companies. Customer names and email addresses were exposed. Epsilon has not disclosed which companies were affected or the total number of records stolen, but millions of customers received notices from a growing list of companies, making this one of the largest breaches of its kind. Conservative estimates place the number of exposed email addresses at 50 to 60 million; it may have reached 250 million.

Key Learnings: Compromised names and email addresses may seem innocuous, but the victims become targets for spear phishing: a criminal sends an email that looks and sounds as if it comes from a company the recipient has an account with, because it addresses him or her by name. A spear-phishing message might say, "Hello Mr. Anderson, because of the recent hacking incident affecting some Acme customers, we are asking you to visit this website [URL provided] and update your security settings." The email tries to convince trusting readers to take the bait, visit the site and divulge further information such as Social Security numbers and credit card numbers; the result can be identity theft. The Epsilon breach is also significant because it highlights the concentration risk of outsourced, cloud-based services: one provider's compromise exposed the customers of dozens of brands at once.
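As an added example (not from the original document), the following Python code shows how a mail gateway or a cautious recipient can mechanically check the spear-phish pattern described above: it parses a raw message, compares the sender's domain and every link target against the domains the real company uses, flags lookalikes that merely contain the brand name, and catches anchors whose visible URL differs from where they actually point. The message text and the names acme.com, acme-alerts.example and 198.51.100.23 are constructed for the example.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the "Hello Mr. Anderson" message in the text.
SAMPLE_PHISH = """\
From: "Acme Security" <security@acme-alerts.example>
To: anderson@example.net
Subject: Action required after the recent incident
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello Mr. Anderson,</p>
<p>Because of the recent hacking incident affecting some Acme customers,
please <a href="http://acme.com.update-login.example/secure">update your security settings</a>.</p>
<p>Or visit <a href="http://198.51.100.23/acme">https://www.acme.com/account</a>.</p>
<p>Help: <a href="https://help.acme.com/contact">help.acme.com</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every anchor in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def classify_host(host: str, trusted_domains) -> str:
    """'trusted' if host is a trusted domain or a subdomain of one,
    'lookalike' if it merely contains the brand label, else 'external'."""
    host = host.lower().rstrip(".")
    for dom in trusted_domains:
        dom = dom.lower()
        if host == dom or host.endswith("." + dom):
            return "trusted"
    for dom in trusted_domains:
        if dom.lower().split(".")[0] in host:
            return "lookalike"
    return "external"


def analyse_message(raw_message: str, trusted_domains) -> list:
    """Return (kind, value, verdict) findings for a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Sender domain: a brand-name lookalike here is the classic tell.
    sender = msg["From"]
    sender_domain = sender.addresses[0].domain.lower() if sender and sender.addresses else ""
    verdict = classify_host(sender_domain, trusted_domains)
    if verdict != "trusted":
        findings.append(("sender", sender_domain, verdict))

    # 2. Every link in the body, by real target and by what the reader is shown.
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        verdict = classify_host(host, trusted_domains)
        if verdict != "trusted":
            findings.append(("link", href, verdict))
        shown = urlparse(text.strip()).hostname if "://" in text else None
        if shown and shown.lower() != host:
            findings.append(("link", href, f"displayed {shown} but points to {host}"))
    return findings


if __name__ == "__main__":
    for kind, value, verdict in analyse_message(SAMPLE_PHISH, ["acme.com"]):
        print(f"{kind:6} {value}: {verdict}")
```

The trusted list should be the company's real domains (those in its DNS, not those in the mail); everything the function reports is a reason not to click, and the legitimate help.acme.com link is correctly left alone.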

3. February/March TripAdvisor: Security at the world's largest travel website was breached by an unauthorized third party, who took email addresses belonging to some of TripAdvisor's 20 million members. TripAdvisor is a worldwide forum where anyone can contribute hotel reviews; the 18 websites operating in 27 countries under the TripAdvisor Media Group, owned by online travel giant Expedia Inc., hold a collective 45 million reviews written by some 20 million members. In an email to members, chief executive Steve Kaufer said the company was actively pursuing the matter with law enforcement, that the source of the vulnerability had been discovered and shut down, that only a portion of member email addresses had been taken, and that member passwords remained secure. The stolen addresses were subsequently exposed to spam and other unsolicited mail.

Key Learnings: Here too, member email addresses were stored in a form that offered no protection once an intruder reached them. A data breach response plan should have been in place so that defined steps could be taken as soon as a breach was detected; the technology and processes to spot a breach promptly should have been in place as well; and firewall configuration should have been maintained and re-checked periodically.

4. February NASDAQ Stock Exchange: America's largest electronic stock exchange was repeatedly penetrated by hackers over the preceding year. Files deemed suspicious were found on, and removed from, servers run by the exchange's operator. NASDAQ's central trading platform, which executes the buying and selling of shares, was not compromised, a spokesman confirmed. Attackers breached Directors Desk, a cloud-based NASDAQ service used for boardroom-level communications by some 10,000 senior executives and company directors. By monitoring Directors Desk the attackers may have had access to inside information, which they could have sold to competitors or used for advantageous trades. Investigators considered illegal financial gain, the sale of confidential trade secrets and a direct threat to U.S. national security as possible motives.

Key Learnings: The investigation found lax security practices that needed urgent attention: most computers were running out-of-date software; firewalls were misconfigured, a serious lapse given that they are the main entry point to the network; and security patches that would have fixed known, exploitable bugs had not been installed. Versions of Microsoft's Windows Server 2003, for example, had not been properly updated.

5. August Toshiba: According to a statement from the Japanese corporation, information on as many as 7,520 Toshiba customers was stored on the affected server, but so far it has confirmed the compromise of email addresses and passwords for only 681 users. The company added that the database held no Social Security numbers and no financial or credit card data. The server, belonging to Toshiba America, was targeted by the hacking group V0iD, which said it had obtained usernames and passwords for about 450 customers, around 20 resellers and around 12 administrators of the company's Electronic Components and Semiconductors and Consumer Products divisions. The stolen records related to people who had bought products from registered Toshiba retailers.

Key Learnings: Although Toshiba said no financial data was taken, email addresses and passwords are powerful on their own: because many internet users reuse the same login credentials across sites, the attackers can try them against other services. With the email addresses, intruders may also get into mail accounts and use them to send malware or malicious mail.

Thus in this case too, user credentials were not stored in a protected form (for passwords, a salted slow hash rather than plaintext) that would keep a stolen copy from yielding the original values. Toshiba also had the whole preceding year of high-profile breaches as a warning that companies were being targeted, yet it did not harden its systems.

Common points to consider: In each of these cases the organization was slow or incomplete in telling affected members about the breach; prompt disclosure would have let members take precautions before the stolen data was exploited. None of them stored customer data in a protected form: encryption at rest would have made stolen copies of databases and backups useless, and for passwords a salted slow hash would have made the credentials themselves unusable. One caveat a practitioner should keep in mind is that encryption helps only where the attacker reaches the data but not the key; an intruder who works through the application that decrypts on demand sees whatever the application sees. Proper hardening was also missing: update and patch management must be performed so that known bugs cannot be used for an initial foothold. Firewall configuration should be maintained, with packet filtering on source and destination addresses and stateful packet inspection, and re-checked periodically.
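As an added example, not from the original document: the recommendation to keep customer data "in encrypted form" is right for databases and backups, but for passwords (the Sony and Toshiba cases) the correct control is a salted, deliberately slow one-way hash, so that even the operator cannot recover the plaintext and a stolen table cannot be replayed against other sites without a brute-force effort per record. The Python below uses PBKDF2-HMAC-SHA256 from the standard library; the record format, the iteration count and the needs_upgrade() check for migrating legacy rows are the editor's choices, not anything the breached companies described.

```python
import hashlib
import hmac
import secrets

# Assumed parameters: PBKDF2-HMAC-SHA256, 600k iterations (current OWASP guidance), 16-byte salt.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.

    A fresh random salt per user means identical passwords, at this site or at
    another one, never produce the same stored value, so a leaked table cannot
    be matched against another leak or a precomputed dictionary."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def _parse(record: str):
    """Split a stored record into (algorithm, iterations, salt, hash) or None if malformed."""
    parts = record.split("$")
    if len(parts) != 4:
        return None
    algorithm, iterations, salt_hex, hash_hex = parts
    try:
        return algorithm, int(iterations), bytes.fromhex(salt_hex), hash_hex
    except ValueError:
        return None


def verify_password(record: str, candidate: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    parsed = _parse(record)
    if parsed is None or parsed[0] != ALGORITHM:
        return False   # plaintext or foreign record: never treat as a match
    _, iterations, salt, hash_hex = parsed
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest.hex(), hash_hex)


def needs_upgrade(record: str) -> bool:
    """True when a stored row is plaintext, uses another scheme, or has too few iterations.

    Call this after a successful login and re-hash with the current parameters,
    which is how a legacy table like the ones in the text gets migrated."""
    parsed = _parse(record)
    if parsed is None:
        return True
    algorithm, iterations, _salt, _hash = parsed
    return algorithm != ALGORITHM or iterations < ITERATIONS


if __name__ == "__main__":
    # The same password registered at two sites yields two unrelated records.
    site_a = hash_password("correct horse")
    site_b = hash_password("correct horse")
    print("records differ:", site_a != site_b)
    print("login ok:", verify_password(site_a, "correct horse"))
    print("wrong password:", verify_password(site_a, "Correct horse"))
    print("legacy plaintext row needs upgrade:", needs_upgrade("correct horse"))
```

Contrast this with the "encrypted form" the text proposes: an encrypted password column can be decrypted by anyone who reaches the key, and the application must hold that key to log users in, whereas a hashed column gives an intruder nothing to decrypt and a separate, slow cracking job for every row.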
