Security breaches leave reputation in tatters

By

Security firm Computer Associates suffered a breach to its website last week..


Part of the firm's site had been manipulated to redirect unsuspecting visitors to the 'uc8010.com' domain in China, which downloads malware to the visitor's PC.

Industry observers said that the incident mirrors the attack on the Miami Dolphins site in 2007 and confirms that malware perpetrators are increasingly corrupting the websites of legitimate organisations in order to distribute code.

Ovum analyst Graham Titterington noted that this particular incident occurred in the press section of CA's website which is outsourced to a hosting company. This highlights the security questions of IT outsourcing.

"This type of incident is now common. It shows the limitations on any protection strategy based on the reputation of the organisation that owns the website," said Titterington.

"Attacks can only be stopped by filtering all downloaded content. It is ironic that a security vendor has fallen victim to this kind of attack.

"It is also worrying that its site apparently remained corrupted for some days, no doubt partly explained by the holiday season."

The more general lesson for enterprises and the IT industry is the importance of security supervision of sub-contractors and outsourcers, according to Titterington.

"It is CA's reputation that will suffer, not that of its supplier," he said.

Meanwhile, US-based computer parts store Geeks.com has also admitted a security breach, discovering that customer information including credit card data, phone numbers and email addresses may have been compromised.

Security firm Cybe r-Ark pointed out that Geeks.com still displays a banner from McAfee's ScanAlert certifying that it is 'hacker safe' meaning that users should be able to surf in safety.

Calum Macleod, European director at Cyber-Ark, said: "Quite apart from the fact that a supposedly secure site - and one that has been certified as such - has been hacked, it highlights the need for all commercial organisations to encrypt customer data if they are not to lose face or even face lawsuits from disgruntled customers.

"Geeks.com is still investigating the incident, but it seems that someone has hacked the company's e-commerce site. And if it can happen to someone as tech-savvy as Geeks.com, it can happen to any company."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
breachesinleavereputationsecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?