What do 8 high-profile organizations all have in common? They were all recently hacked and had their data breached by remote access.
Did you know that in two separate reports issued in 2012, remote access service, which provides privileged entry to a corporate network, was indicated as the most common avenue used for data breaches? Verizon reported that remote access accounts for 88% of data breaches, while Trustwave reported that 76% of data-breaches investigated were due to exploitation of remote vendor access channels.
Here are 8 high-profile organizations that were recently reported in the news, which provides anecdotal support to the reports mentioned above:
- Romanian hackers stole consumer credit card data from Subway, the American subway sandwich franchise, via remote desktop access software over a period of three years, enabling them to ring up over $3 million in fraudulent charges. (source)
- Hackers entered Sony’s PlayStation network by remotely taking over the PC of a system administrator and compromising the personal information of 77 million user accounts. (source)
- Chinese hackers exploited remote support services to steal information from Telvent Canada, a provider of remote administration software to the global energy industry. (source)
- Hackers gained remote access to South Carolina Department of Revenue computers and stole state tax data belonging to 6.4 million consumers and businesses. (source)
- Linode, a major web hosting provider, said it was hacked by hackers, who used a bug in Adobe’s ColdFusion that was recently exposed, which led to the attackers getting access to a web server, some of its source code, and its database, where some passwords in clear text, for its Lish shell program were stored. (source)
- Schnuck Markets Inc., a major grocery story chain, now says about 2.4 million debit and credit cards were compromised as a result of a remote data breach from its point-of-sale network. (source)
- Document sharing giant, Scribd, was remotely hacked with as many as 1 million passwords compromised. (source)
- A former system administrator hacked into his former employer’s network, Hostgator, a server hosting company, and gained remote access to 2723 separate servers inside Hostgator’s network. Among other things, he stole a Hostgator SSH login key file so he could continue to authenticate from the outside. (source)
In conclusion, no industry is safe from turning a blind eye to the issue of remote access hackers, and intelligent precautionary steps should be taken when it comes to protecting your organization’s valuable data.
 Ars Technica: How hackers gave Subway a $3 million lesson in point-of-sale security, December 2011 (source)
 NBC News: Hackers stole personal data from PlayStation Network, April 2011 (source)
 Krebs on Security: Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent, September 2012 (source)
 The Island Packet: How hackers stole South Carolinians’ tax-return data, November 2012 (source)
 Dark Reading: Web Hosting Provider Breached Via Adobe ColdFusion Vulnerabilities, April 2013 (source)
 Bank Info Security: Schnucks: Millions of Cards Exposed: Grocery Chain Reveals Impact of POS Network Breach, April 2013 (source)
 CSO Online: Scribd Hacked: As Many as 1 Million Passwords Compormised, April 2013 (source)
 Naked Security: Hosting Company, Hostgator, Hacked: Suspect Arrested After Being “Rooted with His Own Rootkit”, April 2013 (source)
Steve Abramowitz is ObserveIT’s Director of Sales in their New York City office. Steve brings over 20 years of experience in sales and business development, selling network management and performance management software solutions as well as different types of network security solutions to the enterprise. Feel free to reach out to Steve with any questions you may have.