IoT
IoT
IT Leadership
News
3/25/2016
02:06 PM
50%
50%

Verizon Enterprise Data Hit, Hackers Seek Big Payday

Verizon Enterprise Solutions is the latest company to fall victim to a data breach where cyber-criminals are targeting potentially lucrative corporate information, rather than details about consumers.

10 Stupid Moves That Threaten Your Company's Security
10 Stupid Moves That Threaten Your Company's Security
(Click image for larger view and slideshow.)

Verizon Enterprise Solutions, which is a division of Verizon that helps Fortune 500 firms respond to data breaches, became itself the latest corporate victim of a security breach. The cyberthief is now attempting to sell information gleaned off of the company's enterprise client portal.

Verizon's security breach is just another example of cyber-criminals pilfering potentially lucrative corporate information instead of going after consumer data.

In this particular case Verizon Enterprise Solutions had contact data for an estimated 1.5 million of its customers taken. The cyberthief is looking to sell the information for $100,000 in its entirety, or in sets of 100,000 records for $10,000 each, according to a Krebs on Security report.      

The security breach did not extend to Verizon's customer base of consumers, the company told InformationWeek.

(Image: Mikko Lemola/iStockphoto)

(Image: Mikko Lemola/iStockphoto)

"Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible. The impacted customers are currently being notified," Janet Brumfield, a Verizon Enterprise spokeswoman, said to InformationWeek.

Krebs notes in his report that any buyer of the Verizon Enterprise contact data will likely use it to for phishing or other types of attacks. By coaxing unsuspecting employees to inadvertently provide access to their computer and network in a phishing scheme, the buyer of the Verizon data can leverage their investment and attempt to pilfer data from these customers.

Maxim Weinstein, a security advisor for Sophos, told InformationWeek that attacks on enterprises are on the rise.

"There definitely has been an increase in attacks targeting enterprises over the last couple years. And it is not just large enterprises, but small and midsize businesses, as well," Weinstein said. "One scam we've been seeing a lot is a "spear phishing" (targeted fake email) attack against someone in finance or HR. It looks to be a very believable email from a trusted senior executive, likely one who is traveling, requesting an urgent transfer of money or data. Of course, the transfer is really going to the attackers."

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

He added that with many of these attacks this type of scam takes advantage of a combination of human nature, or social engineering, insecure processes like not requiring confirmation in person or via a trusted channel, and gaps in technical security measures, such as data loss prevention tools.

"Targeted attacks are far more likely to be aimed at companies, like the Verizon case, or government agencies, as these are likely to have some combination of high value data, large bank accounts, and political or 'bragging rights' value," Weinstein said. 

Wade Williamson, director of threat analytics at Vectra Networks, noted that enterprises also tend to be much more valuable locations for a criminal to go hunting, because they naturally are likely have a centralized tranche of data. "For instance, if you want to steal payment card data, it obviously makes sense to steal by the thousands from a retailer, as opposed to one at a time from individuals," he noted.

Morey Haber, vice president of technology at BeyondTrust explained there are two primary objectives for cyber-criminals to target enterprises. One is to extract information to monetize through reselling the information, and the other is to disrupt or embarrass the company in order to impact its business.

[Editor's note: This article was updated to add the comments of Wade Williamson and Morey Haber.]

Dawn Kawamoto is a freelance writer and editor. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's News.com, TheStreet.com, AOL's DailyFinance, and The ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
GregZ213
50%
50%
GregZ213,
User Rank: Apprentice
3/28/2016 | 10:26:58 AM
Root Cause
"Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal."

In other words, that security patch we've been ignoring for the past few months bit us in the arse!
batye
50%
50%
batye,
User Rank: Ninja
3/28/2016 | 9:27:25 AM
Re: HR
@Joe with security is never ends as hackers keep trying mix of old and new... and during tax season it easy to forget:(...
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/28/2016 | 8:59:07 AM
Re: HR
@batye: Thanks for that tidbit.  I'll look into that and maybe share a missive with my clients.
batye
50%
50%
batye,
User Rank: Ninja
3/28/2016 | 12:38:15 AM
Re: HR
@Joe Stanganelli, I keep reading from time to time HR do get hacked with some of the Co. when HR open email called "updated request for W8 form."  during tax season...
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/27/2016 | 11:28:39 AM
HR
I wonder if there aren't better employee policies about phishing and cybersecurity precisely because HR falls prey to so many of these attacks.  ;)
Michelle
50%
50%
Michelle,
User Rank: Ninja
3/26/2016 | 2:53:06 PM
Pull up the gates!
I wonder if the enterprise customers have a big moat around the rest of thier data. Now would be a great time to pull up the gates.
Research: 2014 US IT Salary Survey
Research: 2014 US IT Salary Survey
Our survey of nearly 12,000 respondents shows IT pays well -- staffers rack up a median total compensation of $92,000, and managers hit $120,000. Industry matters. And the gender pay gap is real and getting wider.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of August 14, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.