MAAS History
Disclaimer

All information provided as is.

Sunday, Apr 03 2011

Condition Remains GREEN

A massive breach has been reported at an Internet marketing firm, Epsilon, which manages marketing for a host of brands. Various types of personal identifiers have been stolen, including emails, addresses and phone numbers. We expect this information to be sold on the black market and used for various types of phishing. Below is a list of the brands currently listed.

The major danger is that the information may be used in an attack that targets a select group of individuals. The impact of this breach going forward will be major, with long-lasting implications. This applies both to the organizations behind the brands and to the users who shared their information knowingly or unknowingly.

We recommend the following for organizations:

  • Find out whether employees have used any of these brands and provided their work email; employees who have should inform the parties responsible for security (ISO) immediately.
  • Offer employees amnesty from discipline for providing this information if using work email for this kind of activity is prohibited. 
  • Consider using extra proxying and filtering on accounts which may have been discovered to be used by users/employees.
  • Explain to employees that if they used their work emails for any of the brands listed below they need to be at a heightened state of awareness.
  • Be on a heightened state of alert for phishing using attachments that include Flash files.
  • For employees who do not need Flash to accomplish their jobs, remove Flash.
  • For groups or departments that need Flash for business functions, use stricter ingress and egress filtering.
  • Consider strictly siloing departments that need Flash for business functions from internal systems.
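
To support the heightened alert for Flash attachments recommended above, here is an added example (not part of the original post) of a mail-gateway style check that flags attachments by content rather than by file extension. The function names, the 100 MiB sanity cap and the sample message are assumptions constructed for illustration; the FWS/CWS/ZWS signatures are those of the SWF file format.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

SWF_SIG = re.compile(rb"[FCZ]WS")  # FWS plain, CWS zlib, ZWS LZMA
MAX_SIZE = 100 * 1024 * 1024       # assumed sanity cap (100 MiB)

def looks_like_swf(data, pos):
    """SWF header: 3-byte signature, 1-byte version, 4-byte LE length."""
    head = data[pos:pos + 8]
    length = int.from_bytes(head[4:8], "little")
    return len(head) == 8 and 1 <= head[3] <= 50 and 8 <= length <= MAX_SIZE

def find_flash(data, depth=0):
    """True if data is, or embeds, a Flash movie, whatever its extension."""
    if any(looks_like_swf(data, m.start()) for m in SWF_SIG.finditer(data)):
        return True
    # Office Open XML and similar containers are ZIPs: check each member.
    if depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(i.file_size <= MAX_SIZE and find_flash(zf.read(i), depth + 1)
                       for i in zf.infolist())
    return False

def flag_flash_attachments(raw_message):
    """Return filenames of attachments that contain Flash content."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    return [part.get_filename() or "(unnamed)"
            for part in msg.iter_attachments()
            if find_flash(part.get_payload(decode=True) or b"")]

def build_sample():
    """Constructed message: one benign file, two carrying a fake SWF header."""
    swf = b"CWS" + bytes([10]) + (1024).to_bytes(4, "little") + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/embeddings/movie.bin", swf)
    msg = EmailMessage()
    msg.set_content("see attached")
    for name, data in [("notes.pdf", b"%PDF-1.4\nbenign\n"),
                       ("report.xlsx", buf.getvalue()), ("invoice.jpg", swf)]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(flag_flash_attachments(build_sample()))
```

Encrypted ZIP members are not handled here; a gateway would normally quarantine those for manual review rather than pass them through.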

Additional recommendations for individuals:

  • Never share any personal information via email with credit card companies, phone companies, banks, grocery stores or retailers.
  • Make sure to change any passwords which may have been used on the sites associated with the brands listed below. 
  • If you received notice of this compromise from the brands in question, notify your employer, especially if you used any information about your employment.
  • Be aware of the kind of information that may have been compromised by reading below.
  • Keep in mind that an email offering information that sounds too good to be true is most likely malware.

 

Brands that have been compromised:

  • Brookstone
  • Citi
  • Capital One
  • JP Morgan Chase
  • Tivo
  • HSN (Home Shopping Network)
  • McKinsey & Company
  • Ritz-Carlton Rewards
  • Walgreens
  • The College Board
  • New York and Company
  • Marriott Rewards

Some of the personally identifiable information Epsilon sells:

  • Age
  • Children
  • Email Address
  • Mail Order Addresses
  • Professions
  • Astrology
  • Computer Type
  • Ethnic Information
  • Religion
  • Business type
  • Insurance preferences
  • Pets
  • Residence
  • Buyer of household
  • Donor information to charities
  • Lifestyle
  • Political Affiliations
  • Senior information age

Epsilon's Product Data Cards (Types of Data):

  • American Smokers Registry
  • BusinessClass List Builder From Equifax
  • Epsilon TargetSource US - Ailments/Health
  • Epsilon TargetSource US - Avid Readers
  • Epsilon TargetSource US - Charitable Donors
  • Epsilon TargetSource US - Collectors
  • Epsilon TargetSource US - Computer and Internet Users
  • Epsilon TargetSource US - Cooking and Culinary
  • Epsilon TargetSource US - Financial Services Sector
  • Epsilon TargetSource US - Gardening Enthusiasts 
  • Epsilon TargetSource US - Higher Education
  • Epsilon TargetSource US - Hobbies and Interests
  • Epsilon TargetSource US - Home Electronics
  • Epsilon TargetSource US - Mail Order Buyers
  • Epsilon TargetSource US - Outdoor Enthusiasts
  • Epsilon TargetSource US - Scrapbooking and Crafts
  • Epsilon TargetSource US - Sports
  • Epsilon TargetSource US - Women at Home
  • High-Tech Connect Formerly From Equifax
  • ICOM Home Based Business Entrepreneurs
  • ICOM Self Employed Entrepreneurs
  • ICOM Target NewMover - PreMover Data
  • ICOM Target NewMovers
  • ICOM TargetPlus [formerly Advantage Choice] - Financial
  • ICOM TargetPlus [formerly Advantage Choice] - Masterfile
  • ICOM TargetPlus [formerly Advantage Choice] - New Parents
  • ICOM TargetPlus [formerly Advantage Choice] - Real Property
  • ICOM TargetPlus [formerly Advantage Choice] - Survey
  • ICOM TargetPlus [formerly Advantage Choice] - Transactional Mail Order
  • ICOM TargetSource Canada - Adults Ages
  • ICOM TargetSource Pet Owners 
  • ICOM TargetSource U.S. - Avid Readers
  • ICOM TargetSource U.S. Ailments and Health
  • ICOM TargetSource U.S. Charitable Donors
  • ICOM TargetSource U.S. Collectors
  • ICOM TargetSource U.S. Computer and Internet Users
  • ICOM TargetSource U.S. Education
  • ICOM TargetSource U.S. Finance and Investing
  • ICOM TargetSource U.S. Hobbies and Interests
  • ICOM TargetSource U.S. Household Items
  • ICOM TargetSource U.S. Sports 
  • ICOM TargetSource US - Diet and Health
  • ICOM Targetsource US - Grandparents
  • ICOM TargetSource US - Homeownership
  • ICOM Targetsource US - Masterfile
  • ICOM TargetSource US - Music Preferences
  • ICOM TargetSource US - Travelers
  • ICOM TargetSource US - Vehicle
  • ICOM Weekly New Movers
  • Permission! Formerly from Equifax
  • Residential Property Plus Formerly From Equifax
  • Rx Selector Formerly From Equifax
  • Small Area Characteristics Database
  • TargetPoint In-Market Formerly From Equifax
  • TargetPoint New Movers Formerly From Equifax
  • The Lifestyle Selector Formerly From Equifax
  • The Response Selector Formerly From Equifax 
  • The SOHO Selector Formerly From Equifax 
  • TotalSource XL Formerly From Equifax

 

Wednesday, Mar 30 2011

Condition Remains GREEN

Intego is reporting that their security researchers have discovered a new variant of the remote administration tool BlackHole RAT (MAAS February 26 2011, Squawk Box 3/15/2010) and have categorized it as OSX/BlackHoleRAT.B. OSX/BlackHoleRAT.B includes scripts called Safari.app and isightcapture. The Safari.app file is named as such to fool a user into allowing the application access to the network. The isightcapture script takes a photo using the iSight camera.

Users should do the following: 

  • Do not download and install illegal or pirated versions of software, especially those related to the Adobe suite of products. (Attack method Squawk Box Post 1/28/2009)
  • Install a firewall by a security vendor such as Intego's Virus Barrier 6.
  • Always confirm the exact application asking for access to network services.
  • Consider covering the iSight camera when in sensitive areas. 
  • For more restrictive environments the iSight camera hardware shall be removed. 

The threat is currently still low, but the direction of several of the tactics will be unfamiliar to Mac users. This includes the use of social engineering to invoke user action. We continue to monitor and share all information as it becomes available.