One of the challenges in threat intelligence is taking the massive amount of data we have about the threat landscape and distilling it into its most relevant components. A huge part of the reason for growth in data science (and in cyber security specifically) is habitually struggling with too much information. (With some exceptions) With this roadblock, it’s a challenge to focus in on the data that’s truly relevant.

Georgia Tech recently notified almost 1.3 million people about a potential breach of sensitive data, and in some cases, including a social security number. Over a four month period, there was a vulnerable server that allowed people to enumerate records on a back-end database, allowing the exfiltration of sensitive information. While universities are seen as more open environments, they do have sensitive information they have to protect.

In the past, a green padlock icon would inform the user that a site is secure and legit, whether it was true or false. Now, that is no longer the case. We are seeing more and more phishing sites using SSL/TLS certificates to try and fool people into thinking that a phishing site is actually legitimate. The appearance of free SSL/TLS certificates, which can be applied with ease (Let’s Encrypt, Comodo and more), allow scammers to harness SSL certificates to their own agenda, giving misguided people the felling of false security.

Summary

Organizations store and maintain more consumer data than ever and the failure to protect it (or having it breached) can mean real losses. One estimate suggests Facebook may by on the hook for over a $1B USD fine for the current breach.

The Anthem hack has been getting a lot of news coverage because it is one of the larger data breaches in recent years. Of course it is in fairly good company (Sony, Home Depot, Target spring to mind) but it has some features that are unique. These features mean that the impact on those whose data was stolen is probably less than some other hacks, but that doesn't mean people can relax.