Verizon Enterprise Data Hit, Hackers Seek Big Payday - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership

Verizon Enterprise Data Hit, Hackers Seek Big Payday

Verizon Enterprise Solutions is the latest company to fall victim to a data breach where cyber-criminals are targeting potentially lucrative corporate information, rather than details about consumers.

10 Stupid Moves That Threaten Your Company's Security
10 Stupid Moves That Threaten Your Company's Security
(Click image for larger view and slideshow.)

Verizon Enterprise Solutions, which is a division of Verizon that helps Fortune 500 firms respond to data breaches, became itself the latest corporate victim of a security breach. The cyberthief is now attempting to sell information gleaned off of the company's enterprise client portal.

Verizon's security breach is just another example of cyber-criminals pilfering potentially lucrative corporate information instead of going after consumer data.

In this particular case Verizon Enterprise Solutions had contact data for an estimated 1.5 million of its customers taken. The cyberthief is looking to sell the information for $100,000 in its entirety, or in sets of 100,000 records for $10,000 each, according to a Krebs on Security report.      

The security breach did not extend to Verizon's customer base of consumers, the company told InformationWeek.

(Image: Mikko Lemola/iStockphoto)

(Image: Mikko Lemola/iStockphoto)

"Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible. The impacted customers are currently being notified," Janet Brumfield, a Verizon Enterprise spokeswoman, said to InformationWeek.

Krebs notes in his report that any buyer of the Verizon Enterprise contact data will likely use it to for phishing or other types of attacks. By coaxing unsuspecting employees to inadvertently provide access to their computer and network in a phishing scheme, the buyer of the Verizon data can leverage their investment and attempt to pilfer data from these customers.

Maxim Weinstein, a security advisor for Sophos, told InformationWeek that attacks on enterprises are on the rise.

"There definitely has been an increase in attacks targeting enterprises over the last couple years. And it is not just large enterprises, but small and midsize businesses, as well," Weinstein said. "One scam we've been seeing a lot is a "spear phishing" (targeted fake email) attack against someone in finance or HR. It looks to be a very believable email from a trusted senior executive, likely one who is traveling, requesting an urgent transfer of money or data. Of course, the transfer is really going to the attackers."

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

He added that with many of these attacks this type of scam takes advantage of a combination of human nature, or social engineering, insecure processes like not requiring confirmation in person or via a trusted channel, and gaps in technical security measures, such as data loss prevention tools.

"Targeted attacks are far more likely to be aimed at companies, like the Verizon case, or government agencies, as these are likely to have some combination of high value data, large bank accounts, and political or 'bragging rights' value," Weinstein said. 

Wade Williamson, director of threat analytics at Vectra Networks, noted that enterprises also tend to be much more valuable locations for a criminal to go hunting, because they naturally are likely have a centralized tranche of data. "For instance, if you want to steal payment card data, it obviously makes sense to steal by the thousands from a retailer, as opposed to one at a time from individuals," he noted.

Morey Haber, vice president of technology at BeyondTrust explained there are two primary objectives for cyber-criminals to target enterprises. One is to extract information to monetize through reselling the information, and the other is to disrupt or embarrass the company in order to impact its business.

[Editor's note: This article was updated to add the comments of Wade Williamson and Morey Haber.]

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Michelle
50%
50%
Michelle,
User Rank: Ninja
3/26/2016 | 2:53:06 PM
Pull up the gates!
I wonder if the enterprise customers have a big moat around the rest of thier data. Now would be a great time to pull up the gates.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
3/27/2016 | 11:28:39 AM
HR
I wonder if there aren't better employee policies about phishing and cybersecurity precisely because HR falls prey to so many of these attacks.  ;)
batye
50%
50%
batye,
User Rank: Ninja
3/28/2016 | 12:38:15 AM
Re: HR
@Joe Stanganelli, I keep reading from time to time HR do get hacked with some of the Co. when HR open email called "updated request for W8 form."  during tax season...
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
3/28/2016 | 8:59:07 AM
Re: HR
@batye: Thanks for that tidbit.  I'll look into that and maybe share a missive with my clients.
batye
50%
50%
batye,
User Rank: Ninja
3/28/2016 | 9:27:25 AM
Re: HR
@Joe with security is never ends as hackers keep trying mix of old and new... and during tax season it easy to forget:(...
GregZ213
50%
50%
GregZ213,
User Rank: Apprentice
3/28/2016 | 10:26:58 AM
Root Cause
"Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal."

In other words, that security patch we've been ignoring for the past few months bit us in the arse!
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll