TAP into Technology | Garland Technology Blog

Data at Risk: Corporate Confidentiality and VTech’s Data Breach

Written by Tim O'Neill | 1/12/16 5:06 PM

In the first Data at Risk series post about corporate confidentiality, we discussed a few industry-agnostic cornerstone attacks on corporate data and the need for network TAPs for visibility. One of our key realizations was that corporate confidentiality is in dire need of improvement.

However, in the wake of the recent VTech data breach, the weakness of corporate confidentiality is so apparent that companies of all sizes must start taking cyber security more seriously.

The Basics of VTech’s Recent Hack

VTech, a toy manufacturer that makes gadgets fueled by the Learning Lodge online store, was compromised on November 14, 2015. Initial reports found that approximately 4.8 million parent accounts were breached in addition to over 200,000 child accounts. The records included genders, dates of birth and private pictures that could lead hackers to exact locations for children.

If the endless list of breached companies growing every day hasn’t motivated companies to change their cyber security efforts, the fact that children are now being affected should prompt change. Companies in all industries should take VTech’s hack as a lesson for corporate confidentiality, but first you must understand how the attack happened:

  • SQL Injection: The attack was initiated by SQL injection, in which the attacker inserted malicious code into VTech’s web forms to gain authoritative control over all servers and databases in the network. SQL injection is one of the oldest available tools in a hacker’s arsenal, proving just how unprepared VTech was for the attack.
  • Poor Detection: The hacker informed Motherboard of the compromise and proved just how many files he gained access to. Unfortunately, VTech was completely unaware of the breach until they were contacted by Motherboard. Visibility is key for corporate confidentiality; but as millions of records flowed out of the VTech network, it was clear their visibility and detection efforts were far below what should be expected.
  • Security Measures Almost Non-Existent: Cyber security researchers made a number of disappointing findings in the wake of the attack. First, while the breached passwords were hashed, the MD5 hashing algorithm used had been known to be flawed for over a decade. Researchers also found that VTech failed to use SSL web encryption for data transfers, putting passwords up for grabs in any data breach. And lastly, it became clear that VTech had a serious data leakage issue, which could provide attackers with sensitive information before they even carried out their breach.

A December 11, 2015 update found that approximately 6.4 million child records were compromised in the attack—a staggering number that puts VTech’s breach among the most devastating attacks in history. While the attacker claimed no malicious intent, he noted that the hack was so easy that any other cyber criminal could have easily compromised the company before he disclosed their weaknesses. It’s 2016 now and companies must do more than VTech did to stop a data breach—and it all starts with visibility.

Network Monitoring and Visibility—Your Weapon Against Data Breaches

Consider the sheer volume of breached records in an attack of this size. With nearly 10 million records flowing from internal databases to an unknown external IP address, your WAN pipes would be packed with suspicious traffic for hours. If you’ve never experienced an incident like this, believe us when we say it’s pretty easy to see that much problematic traffic. Companies must be prepared before a breach ever occurs.

Preparation starts with knowing your baseline traffic. If VTech had known its baseline traffic, this breach might have been prevented.
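
The baseline idea above, as an added example that is not from the original post: Python code that builds a per-host baseline of hourly outbound volume and flags hours far above it, the pattern a bulk database export would produce. The host names, traffic volumes, the median/MAD statistic and the multiplier `k` are constructed assumptions, not details of VTech's network.

```python
from statistics import median

# Constructed sample data: outbound megabytes per hour for each internal host,
# as might be aggregated from flow records captured off a network TAP.
HISTORY = {
    "db01": [120, 95, 110, 130, 105, 98, 115, 125],
    "web01": [900, 1100, 950, 1000, 1050, 980, 1020, 990],
}

def build_baseline(history):
    """Return {host: (median, MAD)} of hourly outbound volume."""
    baseline = {}
    for host, samples in history.items():
        med = median(samples)
        # Median absolute deviation: a spread measure that one busy hour
        # in the history cannot inflate the way a standard deviation can.
        mad = median(abs(s - med) for s in samples)
        baseline[host] = (med, mad)
    return baseline

def find_anomalies(baseline, observed, k=6.0, min_mad=1.0):
    """Return (host, hour, mb, reason) for volumes above median + k * MAD."""
    alerts = []
    for host, hour, mb in observed:
        if host not in baseline:
            # A host that never sent traffic out before has no "normal".
            alerts.append((host, hour, mb, "no baseline"))
            continue
        med, mad = baseline[host]
        # Floor the MAD so a perfectly flat host still gets a usable threshold.
        threshold = med + k * max(mad, min_mad)
        if mb > threshold:
            alerts.append((host, hour, mb, f"above {threshold:.1f} MB/h"))
    return alerts

# Constructed observations: the database server starts sending far more
# data out of the network than it ever has.
OBSERVED = [
    ("db01", "02:00", 118),
    ("web01", "02:00", 1080),
    ("db01", "03:00", 4200),
    ("db01", "04:00", 3900),
    ("backup07", "04:00", 50),
]

if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(HISTORY), OBSERVED):
        print(alert)
```

Baselines are kept per host because a volume that is routine for a web server is far outside normal for a database server, which should rarely send data to external addresses at all.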
