Anthem Hack Caused By A Phished System Admin?



The foreign hackers who stole up to 80 million records from Anthem social engineered their way into the company's network by obtaining the credentials of five tech workers. Thomas Miller, Anthem's chief information officer, said the first sign of the attack came when a systems administrator noticed that a database query was being run using his identifier code although he hadn't initiated it. Was he phished?


Forensics Team Says "Phishing"

The Mandiant forensics team that was called in to investigate the hack now believes the criminals got in through phishing, which tricked the five tech workers into unknowingly revealing a password or downloading a Trojan with keylogger software.

At this point it is thought that the system administrator who was social engineered took over a month to notice that his own credentials were being used. This shows a significant lack of security awareness, as well as a lack of good audit practices.

To quote Anthem's website, "Security awareness training is incorporated into annual compliance training," which means that there is no continual security awareness training, and that's not cutting it, as we continually see (Home Depot, Target). This picture is a screenshot from the Anthem website:

Anthem-yearly-training-1

If you want to spend less time putting out fires, get more time to be proactive, and get the things done you know need to be done, step employees through effective security awareness training. It will help you prevent this kind of disaster or at least make it very hard for the bad guys to social engineer employees.