We Are Confident That No Data Breach Occurred

The speed, scale, and sophistication of modern fraud is unprecedented, but organizations are successfully thwarting attacks all the same.

Christopher Watkins
DataVisor
5 min read · Nov 15, 2019

As if the perniciously roiling Brexit drama weren’t enough, British politics was hit this week with not one, but two massive cyber attacks, as reported by The Guardian:

“The Labour party has faced a second cyber-attack, a day after experiencing what it called a ‘sophisticated and large-scale’ attempt to disrupt its digital systems.”

We wish, of course, that the use of terms such as “sophisticated” and “large-scale” to describe a malicious attack came as a surprise to us, but alas, such is not the case. In a DataVisor blog post from just a few months ago, in fact, it was noted that, “complexity, sophistication, and coordination are the hallmarks of modern digital fraud.” And, in a recent interview with SafetyDetective, Yongxin Xi, Director of Engineering and Analytics for DataVisor, observed that, “the level of speed, scale, and sophistication of modern fraud is unprecedented.”

With all that said, the following headline, then, should come as no surprise:

Facebook Removed 3.2 Billion Fake Accounts Between April And September, More Than Twice As Many As Last Year

And yet, it does. 3.2 billion fake accounts removed. In just a handful of months. That’s a staggering number.

“The company said it removed more than 3.2 billion fake accounts between April and September, compared with more than 1.5 billion during the same period last year.”

Fake accounts are just one of the many fraud issues Facebook has been very publicly battling. They’ve also had serious concerns with data security, and in that, they’re not alone. Data breaches have become shockingly commonplace in recent times, and as reported by Business Insider this week, we’re learning more about why that’s the case:

“The circumstances behind a data breach will always vary depending on the situation. But there is a common thread that can be found across several recent hacks, including the Capital One breach from July … For several companies that have been impacted by data breaches in recent years, the issue boils down to how these firms are managing the servers that are being used to store sensitive information.”

If the above use case might be classifiable as a crime of ignorance, the following is a whole other story. According to an article from CBS News this week, a large health system has been freely disclosing patient data … without telling either doctors or patients!

“As first reported in the Wall Street Journal, Ascension is sharing information with Google. In the program called “Project Nightingale,” Ascension, a health system that includes over 2,600 hospitals and health care centers in 21 states, is reportedly providing patient names and dates of birth, as well as lab results, hospitalizations and diagnosis to Google. Patients and doctors were apparently not notified.”

In defense of the companies, they did note that “Google and Ascension said they are fully committed to a ‘robust data security and protection effort’ and fully compliant with HIPAA, the Health Insurance Portability and Accountability Act of 1996 that protects patient privacy.”

When it comes to data breaches, there are those that make them possible, and those that try to prevent them. At least, that’s the conventional binary we normally expect to see. This week, however, we saw that narrative turned on its head:

“ZoneAlarm, the consumer brand of the security firm Check Point, has fallen victim to a data breach in which hackers were able to gain unauthorized access to one of its web forums. Once inside the web forum, the hackers were able to obtain the names, email addresses, hashed passwords and dates of birth of almost 4,500 of the company’s customers.”

Yes, you read that right. An “internet security software company” was, itself, breached.

We’ll end this week’s post by circling back to the article we started with, in order to consider again the matter of “sophisticated and large-scale” malicious attacks. When you’re talking about the massive scale of modern fraud — and how to prevent attacks before damage occurs — you inevitably have to think about proactivity, and the technologies that make it possible. DataVisor CEO Yinglian Xie spoke to this in an interview this week with About-Fraud.com:

“Unsupervised methodologies that discover new and unknown attacks as they’re happening are a capability that everyone should move towards, so we don’t have to worry about reducing loss and damage.”

What unsupervised machine learning (UML) offers is the ability to surface those patterns and connections that preemptively indicate brewing malicious activity, before downstream damage can occur. As reported by insideBIGDATA, these capabilities are why Experian elected to partner with DataVisor:

“The addition of these capabilities and output signal into Experian’s fraud and identity platform will help businesses more easily detect correlated patterns and hidden connections between accounts that could be indicative of fraudulent behavior.”

By the way, that attack on the Labour Party? The news is ultimately good:

“We have experienced a sophisticated and large-scale cyber-attack on Labour digital platforms. We took swift action and these attempts failed due to our robust security systems. The integrity of all our platforms was maintained and we are confident that no data breach occurred.”

For those of us with stakes in the noble fight against digital criminals, there are few sentences more soothing than, “we are confident that no data breach occurred.”

On that note, we invite you to join us next week for another edition of This Week in Fraud Trends!

Christopher Watkins
DataVisor

I type on a MacBook by day, and an Underwood by night. I carry a Moleskine everywhere.