Tag: Mandiant

Security vendor sued for poor security

Security resellers will be a bit nervous about the outcome of a court case in the US where an anti-virus software maker has been sued after a casino became infected with malware.

If the case against Trustwave succeeds, it could mean that security companies can be sued if they fail to stop serious breaches.

US casino chain Affinity Games is suing Trustwave, a cyber-security vendor that was brought in to investigate a card breach but failed to detect and stop a malware incident on Affinity’s servers, which led to the escalation of a previous card breach.

In October 2013 Affinity Games was notified of fraudulent credit card activity on the bank accounts of numerous victims and it hired Trustwave to sort out what was believed to be malware on its system.

Trustwave was hired to investigate and stop a credit card breach. On January 13, 2014, Trustwave reassured the casino chain that the incident “has been contained” and that a “backdoor component appears to exist within the code base, but was inert.”

Trustwave also said that the malware’s author became aware that he was detected, and stopped all activity on October 16, 2013, also removing and deactivating some of the malware’s components.

In April 2014, suspicious activity was found coming from a server and an application that had previously been tested and deemed safe in Trustwave’s report.

On April 19, 2014, Affinity hired another cyber-security investigator, Mandiant, a FireEye subsidiary, to investigate these new findings in depth. Mandiant found that the breach, which Trustwave was thought to have shut down, had remained open until April 27, 2014, when Mandiant security experts shut it down.

Affinity says that Trustwave failed to remove the malware it discovered, failed to find all pieces of the malware, and also failed to identify evidence in some logs it looked at.

In its lawsuit, Affinity claims that “Mandiant’s investigation and remediation confirmed that Trustwave’s representations were clearly inaccurate, and its efforts woefully lacking.”

Affinity is looking for damages in excess of $100,000.

US health firm comprehensively hacked

[Image caption: Sheffield, CEO of Anthem]

An American health insurer appears to have been hacked and lost millions of its customers’ records.
Anthem said that hackers stole the identities of customers across all of its business units.
It has about 37 million customers in the USA and has reported the attack to the Federal Bureau of Investigation (FBI).
It has said it has now closed the hole but that’s somewhat equivalent to closing the gate once the horse has bolted.
The hackers do not appear to have had access to Anthem customers’ credit card records.
It has set up a website to try to explain what happened, with its CEO and president claiming his company had state-of-the-art information security systems.
He said that despite that, his company “was the target of a very sophisticated external cyber attack. These attackers gained unauthorised access to Anthem’s IT systems”.
Anthem has hired a company called Mandiant to assess its IT systems.
Sheffield said: “Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge.”