Hackers Make it Personal

August 1, 2017 | Dan Barahona

It’s only Tuesday morning and it’s already been an interesting week in cybersecurity. First we learned about an attack on a major security company, targeting their research analysts. The goal of “Operation #leaktheanalyst,” apparently, is to name researchers and, in their own words: “let’s track them on Facebook, Linked-in, Tweeter, etc: let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field. If during your stealth operation you owned an analyst, target him and leak his personal and professional data, as a side job of course.”

Yesterday we also learned of another significant breach at a large organization. Based on the documents and details released from the attack, we again see hackers targeting specific individuals -- in this case a high-profile executive. The attackers were able to collect large quantities of personally identifiable information, including usernames and passwords for a myriad of work and personal systems, cell phone details and other personal records.

These two examples from Monday indicate an alarming trend of targeting not only organizations, but security personnel and key executives specifically. It’s not enough to carry out the attack, harvest corporate IP, etc. Now employees are being personally harmed.

We are recommending to our members that they review and enhance security for these types of employees, including more stringent password protection, credential monitoring (detection of leaked accounts), and training. As we have seen, security personnel and high-profile executives are not immune to attacks.

I’m reminded of a recent trip to the bank to open accounts for my children. They had a million questions about how the bank would secure their treasured savings. They even asked the banker how they could be sure he was a real bank employee. We had a long chat about security, and also about cybersecurity. My son mentioned how he can earn his Arrow of Light badge with the Cub Scouts by passing a cybersecurity test. I was impressed by how much they knew before the age of 10. It’s possible they get more cybersecurity education than many executives. With the new focus on targeting individuals in key roles, education is now more important than ever.

About the Author

Dan Barahona

Dan is the Chief Marketing Officer at Anomali and leads the marketing and business development activities, bringing together his technical background and business savvy. His career spans many sectors of security and many different roles.
