Cybersecurity training and certification firm SANS Institute suffers data breach
Proving that no one is safe from cyberattacks, cybersecurity training and certification services provider SANS Institute has suffered a data breach with the records of some 28,000 customers stolen.
The breach began with a phishing attack on an employee that used a malicious Office 365 attachment. The attachment set up a forwarding rule on the employee’s inbox that sent 513 emails to the attacker before it was detected and shut down.
Information compromised included emails, work titles, first and last names, work phones, company names, industry, addresses and country of residence. No passwords or financial information were compromised.
In a statement, SANS said that it detected the breach Aug. 6 and “quickly stopped any further release of information” from the compromised email account, which was forwarding the data to “a suspicious external email address.” The company added that it believes that the attack was not targeted and “appears to have been opportunistic with financial theft the intent.” SANS noted that they are investigating the attack and are working to identify opportunities to harden their systems and improve their responses.
“When a respected security organization, such as SANS Institute, experiences an incident like this, it emphasizes that for many organizations attempting to prevent each and every attack is a fool’s errand and an expensive one at that,” Tim Wade, technical director of the CTO Team at threat detection and response firm Vectra AI Inc., told SiliconANGLE. “The real hallmark of modern security is about resilience to attacks – the capacity to perform timely detection and response before material damage is done even after preventative controls have failed.”
Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, noted that although he didn’t believe that SANS should be held accountable to the same standard of security and data protection as imposed on financial institutions and other highly regulated industries, the amount of information gained is concerning.
“The breach of one single email, however, should not lead to such a significant exposure of personally identifiable information data, even if it’s a drop in the ocean of disclosed data breaches from the last 18 months,” Kolochenko said. “Attackers will now gradually focus their attention on cybersecurity companies and organizations to get their clients’ privileged information or credentials.”
Kolochenko was conciliatory, however, adding that “the rapid and transparent reaction of SANS to this incident is laudable and professional. Moreover, this fairly insignificant incident will now likely boost internal security at SANS and provide additional confidence to its clients and partners.”