Last updated 2/12/2015 - The foreign hackers who stole up to 80 million records from Anthem social engineered their way into the company's network by obtaining the credentials of five tech workers. Anthem announced a few days ago that hackers stole names, Social Security numbers and other sensitive information in a breach that was first detected on Jan. 27.
Forensics Say "Phishing"
The forensics team that was called in to investigate the hack now believes the criminals got in through phishing, which tricked the employees into unknowingly revealing a password or downloading a Trojan with keylogger software.
It is clear that Anthem is the victim of an Advanced Persistent Threat, because the evidence shows the company has been under sustained attack for a long period of time. It looks like China is the culprit in this case, but the attackers got in through a relatively simple attack.
Thomas Miller, Anthem's chief information officer, said the first sign of the attack came in the middle of last week, when a systems administrator noticed that a database query was being run using his identifier code although he hadn’t initiated it.
At this point it is assumed that the system administrator who was social engineered took over a month to notice that his own credentials were being used. This shows a significant lack of security awareness, as well as a lack of good audit practices.
To quote Anthem, “Security awareness training is incorporated into annual compliance training,” which means that there is no continual security awareness training, and that, as we have seen, is no longer cutting it. This picture is a screenshot from the Anthem website:
Customer Warning
Anthem warned that scammers are now targeting current and former Anthem customers with phishing emails that try to trick users into clicking on malicious links. The emails invite customers to enroll in free credit monitoring by clicking on a link, which the company said is a trick aimed at stealing customers’ personal information. Here is an example of how this can look. This is a template that was created by KnowBe4 so that customers can send it to their employees and inoculate them against these phishing attacks.
“There is no indication that the scam email campaigns are being conducted by those that committed the cyberattack, or that the information accessed in the attack is being used by the scammers,” the company said in a statement.
It is clear that you need to step employees through effective security awareness training so that this kind of disaster is prevented, or at least made very, very hard, and bad guys have no luck social engineering employees. Find out how affordable this is for your organization today.