This morning, Graham Cluley Security News broke the news that eBay confirmed a security breach that could impact 128 million active users. According to eBay, the compromised database contains user names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. The compromise occurred through a small number of employee log-in credentials, enabling unauthorized access to eBay’s corporate network. eBay detected the breach approximately two weeks ago, but the compromise occurred more than two months ago, in late February and early March.
It is easy to draw parallels between today’s eBay breach and the Target data breach in late 2013, which compromised as many as 40 million customers during the holiday shopping season. Target continues to feel the lingering effect of this breach, reporting a 16 percent loss in earnings today.
eBay and Target are both large consumer-facing organizations that store millions of sensitive records about their customers – records that cyber criminals find very valuable. In both attacks, it was the employees of eBay and Target who were compromised first, serving as beachheads into sensitive systems.
In the fallout of the Target breach, it was revealed that Target was using a popular advanced threat protection solution, enabling advanced detection and monitoring, but Target did not act on its alerts. According to a Bloomberg report, eBay was using a similar system. It remains to be seen if a similar narrative of non-actionable “intelligence” emerges from eBay in the coming weeks.
What is evident is that the current information security model is broken. Industry analysts write about a lifecycle that comprises protection, detection and resolution – yet a full two-thirds (detection and resolution) are based on an assumption that you will be infected!
CIO Journal reports on an industry analyst’s issue with detection and alerts, “It becomes like the car alarms going off in a parking lot – no one takes them seriously because generally there are too many false car alarms. And even if it was a real alarm, most people wouldn’t know what to do about it.”
Endpoint devices continue to be the weakest link in the chain. Existing protection on a PC, such as anti-virus, is ineffective, and naïve end users are easily compromised. As a result, they remain a high-value target for criminals. Organizations need to take the responsibility of security out of end users’ hands – we like to say, “You can’t educate the idiot out of me.” Endpoint protection needs to be overhauled to enable security against all attacks – not just those that can be detected – to prevent cybercriminals from obtaining unauthorized access to sensitive systems. Every single protection mechanism has always relied on the integrity of the kernel, except Bromium. Bromium is the first solution that leverages the hardware isolation features of a CPU to protect its users from targeted attacks.