26 February 2015
In his report ‘Anthem: company says five employee’s credentials phished and used’ posted on IT Security Guru at 12 February 2015, Dan Raywood gives us some background details about how the hack occurred.
The attackers used a phishing attack to steal the credentials of employees. To be honest, I’m relieved to hear that. No rocket science! Phishing is and remains the #1 attack vector.
Awareness training and Two Factor Authentication are the preferred preventive protection measures. Anthem did the right thing. In report ‘Anthem’s IT system had cracks before hack’ we read: ‘Then on Feb. 7 and 8, Anthem reworked all its IT accounts that have privileged access to sensitive information to now require three layers of authentication—a permanent login, a physical token, and a temporary password that changes every few hours.’
If Two Factor Authentication could not be implemented, SmartScreen Filtering in Internet Explorer or the Reported Attack Site Blocker in Firefox could be helpful. The error messages can hardly be ignored:
Some anti-malware packages, e.g. Trend Micro Maximum security, will also block access to malicious sites. But the above options are of limited use in the case of zero day exploits, although it’s amazing to see how fast the filters are updated.
Have a good day! … And, don’t forget to activate SmartScreen Filtering as soon as possible.