BreachExchange mailing list archives

Nasdaq Server Breach: 3 Expected Findings (fwd)


From: security curmudgeon <jericho () attrition org>
Date: Wed, 26 Oct 2011 03:37:07 -0500 (CDT)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.informationweek.com/news/security/attacks/231901580

By Mathew J. Schwartz
InformationWeek
October 25, 2011

Remember the Nasdaq breach? It's worse than previously thought.

Last week, two experts with knowledge of Nasdaq OMX Group's internal 
investigation said that while attackers hadn't directly attacked trading 
servers, they had installed malware on sensitive systems, which enabled 
them to spy on dozens of company directors. "God knows exactly what they 
have done. The long-term impact of such [an] attack is still unknown," 
cyber security expert Tom Kellermann, CTO of AirPatrol, told Reuters, 
which reported the experts' findings.

In February 2011, Nasdaq OMX Group had confirmed that its servers had been 
breached, and suspicious files found on servers associated with Directors 
Desk, which is a Web-based collaboration and communications tool for 
senior executives and board members to share confidential information. The 
product has about 10,000 users, according to the company's website.

At the time, Nasdaq said that it had discovered the attack in October 
2010, immediately removed the suspicious files, and launched an 
investigation, saying "at this point there is no evidence that any 
Directors Desk customer information was accessed or acquired by hackers." 
But it wasn't clear how long the malicious files may have resided on 
Nasdaq's systems. Indeed, based on past breaches, many businesses fail to 
spot when they've been hacked, at least right away.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
