Along with about 88.8 million other people's private records, all of my medical and financial data has likewise been stolen, according to auditors of Anthem insurance. Hmm, thanks. Good that I never assumed any medical related department could keep data private anyway.
Technical details on the hack, from Infoworld.com
""" What is known is that the Anthem attackers created a bogus domain name, "we11point.com," (based on WellPoint, the former name of Anthem) that may have been used in phishing-related attacks. Companies try to detect such confusing domain names -- a practice known as typosquatting -- but are not always successful. One of Deep Panda's attack methods is to create fake websites that imitate corporate services for companies. In Anthem's case, the attackers set up several subdomains based on "we11point.com," which were designed to mimic real services such as human resources, a VPN, and a Citrix server. By targeting Anthem employees with phishing emails and luring them to the fake sites, it may have been possible for the attackers to collect the logins and passwords and eventually access the insurer's real systems."""
Ref: http://www.infoworld.com/article/2898658/security/premera-anthem-data-breaches-linked-by-similar-hacking-tactics.html
Technical details on the hack, from Infoworld.com
""" What is known is that the Anthem attackers created a bogus domain name, "we11point.com," (based on WellPoint, the former name of Anthem) that may have been used in phishing-related attacks. Companies try to detect such confusing domain names -- a practice known as typosquatting -- but are not always successful. One of Deep Panda's attack methods is to create fake websites that imitate corporate services for companies. In Anthem's case, the attackers set up several subdomains based on "we11point.com," which were designed to mimic real services such as human resources, a VPN, and a Citrix server. By targeting Anthem employees with phishing emails and luring them to the fake sites, it may have been possible for the attackers to collect the logins and passwords and eventually access the insurer's real systems."""
Ref: http://www.infoworld.com/article/2898658/security/premera-anthem-data-breaches-linked-by-similar-hacking-tactics.html
## Jonathan Cline ## jcline@ieee.org ## Mobile: +1-805-617-0223 ########################
0 comments:
Post a Comment