截至2014蜿蜒而下,在违反索尼影视娱乐公司显然是最大数据泄露of the year and among the most devastating to any corporation ever.
攻击者在突破并采取任何他们想要的东西,千兆出入穿插和文档,电子邮件,甚至整个电影千兆字节,显然是随意就结束几个月的时间。
+Also on Network World:最奇怪,最古怪和2014年最酷的科学/技术的故事|Peeping into 73,000 unsecured security cameras thanks to default passwords+
发布的数据被盗和很大一部分的名人自然导致了公共关系的噩梦的公司。据透露尖刻个人评论从未想过要上市以及个人信息,如社会安全号码和薪金和有关正在进行项目的竞争性信息。
路透社
该scenario is any corporate IT security pro’s worst fear – being pwned and hung out to dry publicly. Add to that lawsuits being filed against Sony by former employees seeking damages they say they suffered because the company failed to adequately protect the data.
虽然大多数漏洞都以盈利为目的进行的 - 如信用卡信息被盗 - 这种攻击的目的是要伤害它的受害者尽可能在多个方面,并已非常成功。
Many of the big for-profit breaches involved compromises of the信用卡/借记卡刷卡机在零售店,他们的目标,家得宝,Neiman Marcus的,迈克尔和PF常之中。
[Read all of Network World's year in review stories]
一种常见的方式骗子得到了在被浸润值得信赖的商业伙伴和窃取合法凭据访问受害者的网络。一旦进入,他们从机器转移到机器,直到他们达到含点销售的机器,这是他们感染了刮刀盗取卡号和有效期的子网。
索尼的困境有关黑客主导头条新闻,也有一些其他显著闯入今年。这里有几个简单它们描述。
索尼
Data compromised – Seemingly everything stored in the network.
如何他们得到了 - 未知。投机的范围从在泰国的酒店推出了一种监守自盗的攻击。
多久他们去未被发现 - 未知。
How they were discovered – On Nov. 22 employee computers received messages threatening public distribution of stolen data and displays of skulls on their screens.
目标
路透社
该目标断裂happened last year but the important details came out this year so it’s included here.
数据泄露 - 64个亿张信用卡和借记卡7000万个的电话号码,邮寄地址和电子邮件地址。
How they got in – Hacking the credentials of a legitimate business associate, an HVAC company, to get on Target’s network, then installing malware on point-of-sale machines.
他们去了多长时间未被发现 - 大约两个星期。
How they were discovered – The Department of Justice told them about it, but anti-malware software flagged the problem as well.
家得宝
数据破坏——多达5600万张信用卡处于危险之中5300万个电子邮件地址
How they got in – Via a third-party vendor’s credentials followed up by exploiting an unpatched Windows flaw.
How long they went undetected – From April to September.
他们是如何被发现 - 商店的经理们通过银行和执法官员告诉。
善意工业(C&K系统)
数据泄露 - 868,000信用卡/借记卡号码。
How they got in – By infecting point of sales card-swipe machines after compromising the network of the operator of the machines. Two other unnamed clients of C&K Systems were also compromised.
多久了,他们也未被发现 - 18个月。
他们是如何被发现 - 美国联邦官员和支付卡办案人员告诉他们。
Data compromised – Phone numbers and email addresses for 76 million households plus 7 million small businesses.
多久他们去未被发现 - 三个月
How they were discovered – Internal investigation as well as outside data about a massive stolen credit card ring.
他们是怎么进去:犯罪分子破坏计算机使用的是无论是在工作和家庭中使用的特殊权限的员工。
Data compromised – An unconfirmed number of credit card numbers, but possibly as many as an estimated 7 million
How they got in – Undisclosed but point-of-sales systems were compromised
多久了,他们也未被发现 - 九个月。
How they were discovered – The Secret Service told them about the breach
数据泄露 - 350000张支付卡
他们是怎么进去 - 不确定,但销售点系统被泄露
多久了,他们也未被发现 - 三个月。
他们是如何被发现 - 信用卡处理器警告可能违反和一名顾问证实了它。
Michaels
数据泄露 - 260万信用卡/借记卡
他们是怎么进去 - 未披露,但点销售机器被感染
How long they went undetected – Eight months
How they were discovered – Undisclosed
