Network equipment vendors that are focusing on security in the data center and cloud may be ahead of the curve. Case in point: Yahoo revealed yesterday that 500 million of its accounts were compromised in 2014. The unknown culprit gained information about Yahoo users’ names, email addresses, telephone numbers, dates of birth, and answers to security questions.
Vitali Kremez, a senior cyber intelligence analyst at Flashpoint, says it was a database breach that spanned all of Yahoo’s integrated services, including its cloud deployments. Yahoo blames the breach on “state-sponsored” actors, and Kremez agrees.
He bases that determination on the fact that, even though the breach occurred in 2014, the stolen data had not surfaced in any dark marketplace until, possibly, August 2016. A financially motivated criminal would have monetized a data set that size long before then. “The motive is likely not financial,” says Kremez. “It’s likely to be espionage.”
Asked if Yahoo could have done anything to prevent this, Kremez says the search engine company probably adhered to general security practices such as having a dedicated security team, maintaining a robust patch management system, reviewing logs, and isolating its databases.
But the breach is so egregious, Kremez says, “It’s almost like they stole the grand piano from the house while the family was home.” The breach probably derived from “a single point of failure,” he says. If a company stores all its data in one location, “it becomes a treasure box for criminals.”
Companies that practice superior cyber hygiene split each user’s record into separately secured pieces, spread across different data center assets with different access paths. That way, if an attacker obtains one piece, such as names and email addresses, they do not also obtain the answers to the security questions that unlock the account.
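The separation described above, as an added worked example that is not part of the original article or of anything Yahoo built. The two dictionaries stand in for two independently secured stores (different hosts, credentials and backups; the store and field names are assumptions), and the security answers are kept only as per-user salted, slow hashes, since a service only ever needs to compare an answer, never read it back. A dump of the profile store therefore yields no answers at all, and a dump of the secrets store yields per-user hashes that cannot be reversed or reused against another account with the same answer.

```python
import hashlib
import hmac
import secrets
import unicodedata

# Hypothetical stores. In a real deployment these would live on different
# systems with different credentials; here they are two dicts so the
# example runs offline.
PROFILE_STORE: dict = {}  # uid -> name, email, phone, date of birth
SECRETS_STORE: dict = {}  # uid -> per-user salt + slow hash of the answer

PBKDF2_ITERATIONS = 100_000  # deliberately slow to make offline guessing expensive
SALT_BYTES = 16


def normalize_answer(answer: str) -> str:
    """Canonicalise so ' Fluffy' and 'fluffy' compare equal (Unicode-aware)."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split())


def hash_answer(answer: str, salt: bytes) -> bytes:
    """Per-user salted PBKDF2-HMAC-SHA256 of the normalised answer."""
    return hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(answer).encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )


def enroll(uid: str, name: str, email: str, phone: str, dob: str, security_answer: str) -> None:
    """Write identity data and the security secret to two different stores."""
    PROFILE_STORE[uid] = {"name": name, "email": email, "phone": phone, "dob": dob}
    salt = secrets.token_bytes(SALT_BYTES)  # fresh salt per user, never shared
    SECRETS_STORE[uid] = {"salt": salt, "hash": hash_answer(security_answer, salt)}


def verify_answer(uid: str, candidate: str) -> bool:
    """Constant-time comparison against the stored hash; plaintext is never stored."""
    rec = SECRETS_STORE.get(uid)
    if rec is None:
        # Spend the same work for unknown users so timing does not reveal which uids exist.
        hash_answer(candidate, b"\0" * SALT_BYTES)
        return False
    return hmac.compare_digest(rec["hash"], hash_answer(candidate, rec["salt"]))


def answer_fields_in(profile_dump: dict) -> list:
    """What a thief holding only the profile store learns about answers: nothing."""
    return [field for row in profile_dump.values() for field in row if "answer" in field]


def plaintext_present(secrets_dump: dict, answer: str) -> bool:
    """True if the normalised answer appears verbatim anywhere in the secrets store."""
    needle = normalize_answer(answer).encode("utf-8")
    return any(needle in rec["salt"] + rec["hash"] for rec in secrets_dump.values())


if __name__ == "__main__":
    # Constructed sample users; the values are made up for this example.
    enroll("u1", "Ann Lee", "ann@example.com", "555-0100", "1980-01-02", "Fluffy")
    enroll("u2", "Bob Roy", "bob@example.com", "555-0101", "1975-05-06", "fluffy")
    print("u1 correct answer:", verify_answer("u1", " FLUFFY "))
    print("u1 wrong answer:", verify_answer("u1", "Rex"))
    print("same answer, different hashes:", SECRETS_STORE["u1"]["hash"] != SECRETS_STORE["u2"]["hash"])
    print("answer fields in profile dump:", answer_fields_in(PROFILE_STORE))
    print("plaintext in secrets dump:", plaintext_present(SECRETS_STORE, "fluffy"))
```

The per-user salt is what makes the separation hold up even when both stores are lost: two users who chose the same answer get unrelated hashes, so cracking one account's answer says nothing about another's, and each guess costs the attacker the full PBKDF2 work factor per user rather than one table lookup across 500 million rows.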
Eric Chiu, president of HyTrust, a workload security vendor, says 500 million records is such a huge amount of data that it could only have been stolen by someone with administrative credentials on Yahoo’s network. Attackers gain that access by using social engineering to trick employees into handing over network information, or by planting malware.
“Given the amount of data, the attacker was on the network for a significant amount of time,” says Chiu.
Why Didn’t Yahoo Encrypt?
Chiu says companies should encrypt their data. That way, even if the data is stolen, it’s useless.
Yahoo’s data centers would be part of its private cloud. But Chiu says, “There’s a juxtaposition about how they’re concerned with security, but the priorities and monies aren’t being spent accordingly.”
Both Chiu and Kremez agree that companies don’t take available security precautions because they cost money and don’t bring in revenue.
However, the New York Times reported that the cost to remediate a data breach is $221 per stolen record. Applied to 500 million records, that comes to roughly $110 billion, more than twenty times Yahoo’s $4.8 billion sale price to Verizon. And the breach might even jeopardize the sale.
What do state-sponsored actors do with identifying data from 500 million accounts if they’re not selling them? Kremez says they cull the data to exploit high-value individuals such as C-level executives and politicians — impersonating them, harvesting their personal information, and orchestrating further attacks.
And when they’re done with an account, they might sell it on the dark market.