Capital One Mega-Breach May be “Just the Tip of the Iceberg”

The latest major IT security breach, which involves Capital One Financial Corporation, may be the ‘tip of the iceberg,” according to a cybersecurity expert who consults with AVANT Communications on matters of data loss prevention.

On Tuesday, July 29, major news outlets, including noted security columnist Brian Krebs, issued reports of a former employee of AWS who was arrested in connection with the theft of data from more than 100 million credit applications, including approximately 140,000 Social Security numbers and 80,000 bank account numbers plus about a million Canadian Social Insurance Numbers. Paige A. Thompson of Seattle allegedly used web application firewall credentials in a privilege escalation scheme to access the data. Krebs reports that she may have also located tens of gigabytes of data belonging to other corporations, and some of that data may have been accessed by other individuals through her social media platform.

On Wednesday July 30, Ray Watson, VP of Innovation at Masergy, told AVANT Research & Analytics that he expects the Capital One Breach to be the “tip of the iceberg.”

“This is partly due to the remaining data that might have been intercepted, but also because there are two types of ‘aftershocks’ that usually occur after this type of incident,” he said. “The first is basically “copycat” attacks, where other cybercriminals attempt to mimic the same type of exploit- in this case web application firewall privilege escalation. The second is the use of customer anxiety about data breaches in order to support phishing attacks.”
Watson further explained that both businesses and private opportunities should be on the lookout for email or phone exploits that promise to address vulnerabilities related to the Capital One breach when, in fact, they are trying to provoke victims into exposing passwords and other sensitive information as part of their own data theft efforts.

Watson advised that customers immediately contact their Trusted Advisors in an effort to assess their risk level and ascertain whether additional security responses are necessary.

“As to those Trusted Advisors, they should closely examine the data as it emerges from this ongoing investigation because there’s always much to be learned from these,” he added. “We do know that this case highlights the need to consider insider threats in your threat modeling.”

The need for a solid trusted advisor is echoed by Ron Hayman, AVANT’s chief cloud officer: “A third-party security assessment is often a low cost opportunity to get a fresh perspective on a companies vulnerabilities” said Ron. “You’ll then have a better idea which additional services might be valuable to enhance your security posture”. Ron explained companies are often short staffed to handle the growing security threats. One can augment resources with third parties to assist with firewall management, patching services, SIEM and alert monitoring, proactive threat monitoring, or incident response if a breach occurs. “Choosing the right provider for each of these services can be a challenge,” explained Hayman “The right Trusted Advisor can assist in your selection process. When the worst happens, you want the best possible team standing at your side.”