kpix-7-2013-masthead kcbs 7-2013-masthead

Tech

Bay Area Security Firm That Revealed Target Breach Details Changing Tactics For Cybercriminals

View Comments
Juliette-Goodrich_BIO-HEAD Juliette Goodrich
Emmy award winning reporter and Bay Area native Juliette...
Read More

Get Breaking News First

Receive News, Politics, and Entertainment Headlines Each Morning.
Sign Up
Trending Stories On CBS SF

quake flash 082614 Bay Area Security Firm That Revealed Target Breach Details Changing Tactics For CybercriminalsSome Bay Area Residents Report Mysterious Flashes In The Sky During Napa Quake

keyframe22 Bay Area Security Firm That Revealed Target Breach Details Changing Tactics For CybercriminalsCaught On Camera: Concord Thief Uses Mystery Electronic Device To Break Into Car

454087234 8 Bay Area Security Firm That Revealed Target Breach Details Changing Tactics For CybercriminalsStrong Magnitude 6.0 Earthquake Rocks San Francisco Bay Area, Dozens Hurt, Significant Damage In Napa

solar farm Bay Area Security Firm That Revealed Target Breach Details Changing Tactics For CybercriminalsBirds Bursting Into Flames Above Solar Farm Stirs Calls To Slow Expansion

aftershocks Bay Area Security Firm That Revealed Target Breach Details Changing Tactics For Cybercriminals5 Aftershocks Hit Napa, Largest Quake Since Sunday’s 6.0 Earthquake

MILPITAS (KPIX 5) — Crooks have already used the HeartBleed bug to break into a major corporation’s network system.  While it’s unclear whether the bad guys stole anything, statistics show cybercrime is on the rise, the crooks are changing tactics, and the playing field has exploded.

For example, at a big company, the cyber spies stirred up trouble by hiding malicious code into a popular online menu for Chinese food.

The strategy: to lure unsuspecting workers to the menu and then entice them to “click” and start the attack.

“If they know you’re connecting to a Chinese menu, and if I can get you to visit that website, I can start an attack occurring on your computing device,” said Dave DeWalt, Chairman and CEO of FireEye, a cybersecurity firm located in Milpitas.

The same kind of sneak attack unfolded at Target.

Culprits stole credentials from an air conditioning company with an online tie to the retailer.

“We’re only one click away from any website in the world,” said DeWalt.

Bloomberg BusinessWeek reported how FireEye spotted the security breach and alerted Target weeks before the hackers transmitted stolen data.

FireEye wouldn’t talk about Target to KPIX 5, but as the reported story in Bloomberg shows, its advanced technology can spot attacks before they happen.

The technology, called MVX, is a virtual machine that tests every application, every download, or every website click before it enters your system. The idea: to see if it’s good or not. Any abnormal behavior triggers an alert. That alert then allows a client or company to block that website or application before any damage is done.

“Now a lot of those threats have moved from email to something hiding on a website,” DeWalt told KPIX 5.

Who are the attackers and what do they want? They vary from nation-state culprits who are going after intellectual property, to criminal groups who want to steal your financial assets.

“We see roughly 100,000 attacks per day,” explained Zheng Bu, Vice President of Security Research at FireEye.

Bu stood in front of FireEye’s Global Strike Heat Map, which shows in real time how sophisticated cyber-attacks unfold.

They are called zero-day attacks: these are attacks that no one has seen before.

In most cases, once attackers get into your system, they can spend a long time scooping up the goods.

“From the time a large company gets breached to the time they even know they are breached, takes almost a year,” said DeWalt.

And while the threat is global, security experts believe the Bay Area is a special target.

“We’ve been seeing for quite a few years the attackers have gone after the high-tech world,” said DeWalt.

What’s a consumer to do? The experts at FireEye said to get smarter about the technology; monitor your finances more often and carefully, don’t blindly follow links or open up attachments, change your passwords on a regular basis. And don’t think you won’t be a target: anytime you click on to the internet, you’re vulnerable to attack.

View Comments
blog comments powered by Disqus
Follow

Get every new post delivered to your Inbox.

Join 53,848 other followers