
Malicious Virus Allowed Hackers Access to Sensitive Data Maintained by Government Contractor SRA International … Other Companies Also Believed to be Hit

 

SITUATION SUMMARY

Employees, former employees and dependents of employees enrolled in benefits program at federal security agencies are being notified that their personal information may have been compromised after hackers planted a virus on computer networks of government contractor SRA International.

 

SITUATION ANALYSIS

Advances in malware, bot-nets, phishing and countless other attack vectors make it very difficult to know what’s infiltrating critical systems - there are literally thousands of ways for these to make their way into an organization. For decades these types of attacks have been the most costly information security threats for organizations both large and small.

 

According to the notification letter submitted by SRA International to the Maryland Attorney General's office on Jan. 20, 2009, the virus responsible for the security breach was not detected by the Company’s antivirus software and slipped past the SRA firewalls. 

 

This attack allowed hackers to gain access to sensitive data maintained by SRA, including employee names, addresses, Social Security numbers, dates of birth, and health care provider information.

 

While firewalls and intrusion detection/prevention systems are essential, they are dependent on known attack-signatures to be effective and they are often useless against attacks such as these. To ensure the integrity of business critical networks and servers organizations require multi-layered security solutions that can detect a change and provide an immediate response to triage and mitigate the event.

 

 

SECURITY SOLUTION

CimTrak protects against external attacks that slip by an organization’s firewall and is not dependent on outside intelligence of new hacker or virus methods to be 100 percent effective. 

 

CimTrak detects in real-time any unauthorized change to vital applications and servers including: operating system settings, system files, directories, data files and file attributes. CimTrak knows exactly what the directories, files, and data on your critical servers look like and if there is ANY unauthorized change CimTrak detects it instantly and immediately takes corrective action.

 

CimTrak ensures the integrity of business critical networks and servers by instantly restoring them to desired state - no matter what caused the unwanted change. This multi-layered solution protects against external attacks that slip by your perimeter defenses as well as internal attacks occasional accident

 

The risks of unauthorized disclosure, modification, and destruction of sensitive information are real, but can be minimized through a mix of multi-layered security solutions and good information security practices. Let us help you design the right solution for your organization today. Call 219-736-4400 today for more information.





 


Contractor Indicted on Charges of Planting Malicious Script on a Server After He Was Fired ... This Underscores the Dangers of Insider Threat

 

SITUATION SUMMARY

A fired Unix engineer working as a contractor at a Fannie Mae facility in Maryland stands accused of planting a malware time bomb, set to go active on January 31, 2009, that had the potential to destroy countless computer files.

SITUATION ANALYSIS

Insiders constitute the greatest threat to your organization's security; they have the potential to cause the most damage, as seen in the Fannie Mae incident this year.

Most organizations' security efforts are focused on shoring up network perimeters. But the focus must be expanded to protecting sensitive corporate data from insiders - trusted employees and business partners - who might either maliciously steal or inadvertently leak information.

According to reports, Rajendrasinh Makwana was indicted on January 27 for the attempted malware attack. Federal officials said Makwana was terminated because on or about October 10th or 11th he created a computer script that changed the settings on the Unix servers without getting approval from his supervisor. That script was not malicious. Several days after Makwana was terminated, another Unix engineer discovered the malicious script embedded within that legitimate script.

Access to Fannie Mae's computers for contract employees was controlled by the company's procurement department, which did not terminate Makwana’s computer access until late in the evening October 24. 

Fannie Mae’s nationwide internal computer network includes about 4,000 servers. Had the malicious script executed, it would have propagated itself out to all 4,000 servers, thereby damaging all of Fannie Mae’s data. It is estimated that the damage would have cost millions and possibly shut down operations at Fannie Mae for at least a week.

SECURITY SOLUTION

This case underscores the damage disgruntled employees can potentially do to a network. CimTrak detects in real-time any unauthorized change to vital applications, servers and network infrastructure including: operating system settings, system files, directories, data files and file attributes. 

CimTrak knows exactly what the directories, files and data on your critical servers look like and if there is ANY unauthorized change CimTrak detects it instantly and immediately takes corrective action.

CimTrak ensures the integrity of business critical networks and servers by instantly restoring them to desired state - no matter what caused the unwanted change. This multi-layered solution protects against external attacks that slip by your perimeter defenses as well as internal attacks occasional accident

The risks of unauthorized disclosure, modification, and destruction of sensitive information are real, but can be minimized through a mix of multi-layered security solutions and good information security practices. Let us help you design the right solution for your organization today. Call 219-736-4400 today for more information.

 

 
