Article by Josh Shaul, CTO, Application Security, Inc.
Today, Application Security, Inc. hosted a webinar to answer and clarify what the LizaMoon and Epsilon data breaches really mean to organizations and how to safeguard critical data from future threats. (*Note: To view the archived webinar, click here.)
These breaches have garnered widespread media attention – with the most recent Epsilon data breach taking the lion's share.
Initially, LizaMoon appeared to be quite significant, with a reported 1.5 million websites affected, according to Websense.
This was later significantly downplayed in the media; the hysteria fizzled out and everyone continued to focus attention on Epsilon.
After all, that breach hit well-known household brands – and most people received at least one notification – if not several.
While we agree Epsilon was a significant breach – we are finding more data and having conversations with folks that have actually been hit by LizaMoon – which is proving to potentially be more significant than realized.
Immediately after the webinar, my phone rang and it was a CISO telling me that his organization had been hit by LizaMoon.
This CISO continued to tell me that his organization determined it was hit by LizaMoon on Friday.
This CISO took snapshots and conducted analysis to confirm this attack. By Sunday, the attackers had come back and cleaned up all traces of the original attack.
On Monday morning, when the CISO’s Webmaster came in and looked at his logs, he assumed this attack must have been a false positive, as there was no evidence of foul play.
So, this got me thinking:
- If an organization didn’t catch the attack by Friday – and the hackers came back and covered their tracks – they might not know of the breach.
- What if the attackers set up backdoors to come back another time? Now that they have been inside the network and know exactly where to look for the organization’s critical data – who is to say they won’t be back?
- Could this be the beginning of a much larger scale attack to be carried out in the future?
The information that this CISO confided in me begs the question as to whether LizaMoon is actually the more significant and dangerous of the two reported breaches.
What are your thoughts?