
Capital One Mega-Breach May be “Just the Tip of the Iceberg”

The latest major IT security breach, which involves Capital One Financial Corporation, may be the “tip of the iceberg,” according to a cybersecurity expert who consults with AVANT Communications on matters of data loss prevention.

On Tuesday, July 29, major news outlets, including noted security columnist Brian Krebs, issued reports of a former employee of AWS who was arrested in connection with the theft of data from more than 100 million credit applications, including approximately 140,000 Social Security numbers and 80,000 bank account numbers plus about a million Canadian Social Insurance Numbers. Paige A. Thompson of Seattle allegedly used web application firewall credentials in a privilege escalation scheme to access the data. Krebs reports that she may have also located tens of gigabytes of data belonging to other corporations, and some of that data may have been accessed by other individuals through her social media platform.

On Wednesday, July 30, Ray Watson, VP of Innovation at Masergy, told AVANT Research & Analytics that he expects the Capital One breach to be the “tip of the iceberg.”

“This is partly due to the remaining data that might have been intercepted, but also because there are two types of ‘aftershocks’ that usually occur after this type of incident,” he said. “The first is basically ‘copycat’ attacks, where other cybercriminals attempt to mimic the same type of exploit, in this case web application firewall privilege escalation. The second is the use of customer anxiety about data breaches in order to support phishing attacks.”

Watson further explained that both businesses and private opportunities should be on the lookout for email or phone exploits that promise to address vulnerabilities related to the Capital One breach when, in fact, they are trying to provoke victims into exposing passwords and other sensitive information as part of their own data theft efforts.

Watson advised that customers immediately contact their Trusted Advisors in an effort to assess their risk level and ascertain whether additional security responses are necessary.    

“As to those Trusted Advisors, they should closely examine the data as it emerges from this ongoing investigation because there’s always much to be learned from these,” he added.  “We do know that this case highlights the need to consider insider threats in your threat modeling.”  

The need for a solid trusted advisor is echoed by Ron Hayman, AVANT’s chief cloud officer: “A third-party security assessment is often a low-cost opportunity to get a fresh perspective on a company’s vulnerabilities,” said Ron. “You’ll then have a better idea which additional services might be valuable to enhance your security posture.” Ron explained that companies are often short-staffed to handle the growing security threats. One can augment resources with third parties to assist with firewall management, patching services, SIEM and alert monitoring, proactive threat monitoring, or incident response if a breach occurs. “Choosing the right provider for each of these services can be a challenge,” explained Hayman. “The right Trusted Advisor can assist in your selection process. When the worst happens, you want the best possible team standing at your side.”