Latest US Payroll Electronic Heist Attempt Highlights Value Of Stolen Credentials
Amichai Shulman, 12/08/2010, posted in "Analysis"
Amichai Shulman is Co-Founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognised research organisation focused on security and compliance. Amichai regularly lectures ...more info
Amichai Shulman is Co-Founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognised research organisation focused on security and compliance. Amichai regularly lectures at trade conferences and delivers monthly eSeminars. Prior to Imperva, Amichai was founder and CTO of Edvice Security Services, a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Amichai served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has B.Sc and Masters Degrees in Computer Science from the Technion, Israel Institute of Technology. ...less info
A payroll hijacking incident in New York State – in which a Westchester County-based pharmaceuticals company, Regeneron, computer was hacked and cybercriminals attempted to divert salary deposits to their own mule bank accounts – has been called a classic stolen credentials case by Imperva, the data security specialist.
In this incident, hackers stole the online credentials to a payroll processing application belonging to an employee working for the pharmaceutical company.
By using the stolen credentials from Regeneron, the attackers were able to gain access to Ceridian’s online management system. The credentials were likely to belong to an accounting manager, or any other administrator responsible for Regeneron’s finances, since the hackers then attempted to transfer the direct deposit salary of nine other employees, to their accounts.
This is a classic case of stolen credentials. These are direct credentials to a processing application. In this case the thieves didn’t need to steal social networking credentials in an attempt to gain payroll details, they already had these credentials to hand. Past research has shown that many people use the same credentials for multiple sites; people need to start being more cautious of what credentials they are using for different sites. To stop unauthorized access to other applications, we urge everyone to use different, strong credentials for multiple sites to avoid cases like these reoccurring in other applications.
This latest incident should raise a concern within Regeneron not only with respect to employee data but also with respect to other sensitive data processed by the company such as clinical trial data. This in terms may be sensitive for people outside of Regeneron as well.
For more on the latest Ceridian-linked security problem: http://bit.ly/cMV7zD
Subscribe via RSS or via email
