We are pleased to be a part of the DoD CyberCrime Conference in chilly St. Louis Missouri. Conference goers should feel free to stop by, say hello, and check out the demonstrations of our NextGen software.
For the second time in 18 months, Monster.Com has suffered a massive security breach. In both cases, user account information was stolen, along with the email addresses and names of job seekers. When this happened in August of 2007, 1.3 Million accounts were taken when an employee of the company divulged his credentials via a Trojan Horse program. Within days of that attack, users of Monster.com who had their account information stolen found they were victims of targeted malware phishing attacks and, since hackers assume Monster.Com users are out of a job, many were invited to become money laundering mules for criminal hacker organizations.
In the latest breach, Monster put a notice here on their website that says:
As is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database. We recently learned our database was illegally accessed and certain contact and account data were taken, including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. The information accessed does not include resumes. Monster does not generally collect – and the accessed information does not include – sensitive data such as social security numbers or personal financial data.
Immediately upon learning about this, Monster initiated an investigation and took corrective steps. It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information.
Now let’s flash back to 2007 and their statement to the press regarding that breach:
Sal Iannuzzi, the company’s chairman and chief executive, said the company was improving its surveillance of how the site is used as well as limiting the way data can be accessed. Iannuzzi declined to provide specific details about how the new security measures will work, saying he didn’t want to make them vulnerable to potential hackers.
Whatever improvements were made in Monster’s network surveillance and security measures were not adequate to deal with the severity of the threats the organization is facing from sophisticated adversaries. In light of this second breach, Monster should review what went wrong with their previous remediation plan and develop something better to help them identify data breaches quickly and lock down their customer records. Monster, as many enterprises today, simply needs better and deeper visibility into their network traffic.
NetWitness NextGen provides a new paradigm for network security monitoring. Full packet capture and session analysis provides the ultimate truth about data crossing the wire because you are dealing with ALL the data — not just signatures or statistics or scans. Your security managers actually will know what types of information is crossing network interfaces, will better understand the risks of that data in motion, and can therefore make better decisions about reducing those risks. And regardless of how the hacker tries to exfiltrate the data - via the web, trojanized control port to the internal network, or a disgruntled insider- NetWitness helps you close the gaps.
For Monster users, please change your password on the site. Other bloggers are reporting that usernames and passwords were stored in clear text. If so, and you use the same username and passwords on other accounts, you may wish to change those credentials as well.