Premera is still stuck in my mind

9 April 2015

Every data breach tells a story. Since only the attacker has the detailed storyboard, we are left to guess at the plot of the cyber-attack. But from the news about a cyber-attack, which is often really interesting and sometimes published only weeks later, we can try to create our own rough storyboard.

The lessons learned from the plot of a cyber-attack

  • May show the weak points of our defense system, or
  • May support us in evaluating our defense system and the residual risk we take, or
  • May support us in developing appropriate countermeasures.

I’m particularly interested in the beginning of the story (the initial attack vector) and, of course, in the developments after the attacker gains access to a company’s network.

Over the next few weeks I would like to develop a plot of the Premera cyber-attack. I would be pleased if you would join me on this journey. Suggestions and comments are highly welcome.

Here’s some food for thought. Dan Bowman writes in ‘Premera knew systems were vulnerable prior to attack’ published 19 March 2015:

‘Premera’s systems initially were breached on May 5, 2014, but were not detected until Jan. 29 of this year.’

How could attackers stay undetected for nearly nine months? Any ideas?

Have fun!