BreachExchange mailing list archives
Nasdaq Server Breach: 3 Expected Findings (fwd)
From: security curmudgeon <jericho () attrition org>
Date: Wed, 26 Oct 2011 03:37:07 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.informationweek.com/news/security/attacks/231901580 By Mathew J. Schwartz InformationWeek October 25, 2011 Remember the Nasdaq breach? It's worse than previously thought. Last week, two experts with knowledge of Nasdaq OMX Group's internal investigation said that while attackers hadn't directly attacked trading servers, they had installed malware on sensitive systems, which enabled them to spy on dozens of company directors. "God knows exactly what they have done. The long-term impact of such [an] attack is still unknown," cyber security expert Tom Kellermann, CTO of AirPatrol, told Reuters, which reported the experts' findings. In February 2011, Nasdaq OMX Group had confirmed that its servers had been breached, and suspicious files found on servers associated with Directors Desk, which is a Web-based collaboration and communications tool for senior executives and board members to share confidential information. The product has about 10,000 users, according to the company's website. At the time, Nasdaq said that it had discovered the attack in October 2010, immediately removed the suspicious files, and launched an investigation, saying "at this point there is no evidence that any Directors Desk customer information was accessed or acquired by hackers." But it wasn't clear how long the malicious files may have resided on Nasdaq's systems. Indeed, based on past breaches, many businesses fail to spot when they've been hacked, at least right away. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Nasdaq Server Breach: 3 Expected Findings (fwd) security curmudgeon (Oct 26)