Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Businesses Security The Internet

Symantec: Hacking Group Black Vine Behind Anthem Breach 18

itwbennett writes: Symantec said in a report that the hacking group Black Vine, which has been active since 2012 and has gone after other businesses that deal with sensitive and critical data, including organizations in the aerospace, technology and finance industries, is behind the hack against Anthem. The Black Vine malware Mivast was used in the Anthem breach, according to Symantec.
This discussion has been archived. No new comments can be posted.

Symantec: Hacking Group Black Vine Behind Anthem Breach

Comments Filter:
  • by Virtucon ( 127420 ) on Thursday July 30, 2015 @07:30AM (#50213379)

    In other news, Anthem is going to acquire Cigna [businesswire.com]. Now all those Cigna customers can get the same high-quality data protection and HIPPA compliance that all Anthem customers enjoy. Of course Anthem will only pay a paltry fine for not protecting customer information and will in return provide one year of "credit monitoring" to those affected by their stupidity.

    • Now all those Cigna customers can get the same high-quality data protection and HIPPA compliance that all Anthem customers enjoy.

      Anthem breaks HIPAA rules all the time.

      I'd share my own experiences, but only as AC.

    • by antdude ( 79039 )

      And former Cigna customers too?

  • by ErichTheRed ( 39327 ) on Thursday July 30, 2015 @09:51AM (#50214245)

    I've been doing desktop computing stuff for ages, and one of the things you need to take into account is this -- Nothing will ever stop one idiot end user from double-clicking on an attachment, following a link to a cat video, or giving their password to someone over the phone. This could be anyone from the CEO (actually, more likely to be them...) to the lowliest call center person working on what you think is a locked down desktop/Citrix session. Microsoft has gotten better over the years by making the OS and applications usable by a non-administrator, but that's only one piece of the problem. Most large organizations have a hard time patching regular vulnerabilities in their OSes, let alone emergency patching a zero day exploit.

    I've always wondered when companies are going to just say "screw it" and give workers back the 2015 version of a green screen terminal to do their work on. VDI is vulnerable, Citrix is -very- vulnerable, and standalone desktops are extremely hard to secure. These "security researchers" have way more resources than an overburdened, understaffed, underfunded and often outsourced IT department. Most companies can't afford to re-architect their network in a "trust-nothing" fashion, or don't want to pay for it because IT is seen as a cost center. What makes this worse is that companies get away with it all the time -- as long as they have their PCI and/or HIPAA audit box checked, they can shrug their shoulders and say "we're powerless to stop them, see, we did everything you asked!" Then, their insurance just pays off the credit card companies and it's business as usual again until the next big hack.

    When you can "fix" a security problem by giving away a useless credit monitoring service, there's no incentive to fix the problem.

    • Nothing will ever stop one idiot end user from double-clicking on an attachment

      This is the scenario that keeps me up at night. Here are the steps I have taken in our network:

      - Block Java and Flash for all users using kill bits
      - Block executables at the firewall
      - Block all VBA containing docs at the firewall
      - Use Geo-IP rules to block e-mail from countries we don't do business in
      - Use OpenDNS
      - Use SEP to block executables from removable media
      - Stay on top of web and e-mail content filtering rules
      - Stay on top of security updates
      - Monitor e-mail reports every day for trends
      - Perform re

  • by bbsguru ( 586178 ) on Thursday July 30, 2015 @10:05AM (#50214311) Homepage Journal
    Interesting that we seem to be overlooking the 'rest of the story':
    That the United, Anthem, and OPM breaches are ALL blamed on the same actors. [net-security.org]
    So we now have a cool name ('Black Vine') to supplant "Chinese State Sponsored Hackers".
    I suppose that will make it easier to report without offending our good friend China, right?
  • by MightyDrunken ( 1171335 ) on Thursday July 30, 2015 @10:57AM (#50214705)

    I found the "Elderwood Framework" [symantec.com] document interesting. A number of different hacker groups, including Black Vine had access to a surprisingly high number of zero day exploits. Looking at the primary targets defence, aeronautics, engineering, energy in the US and NGOs in Taiwan, Hong Kong and China, it makes sense that it is Chinese backed.

    All the zero day exploits were IE, Flash and one Windows (XML core services).

    • Look, why does everyone think China is involved? Just because the IP addresses point in that direction? Weak sauce. Here is a much more nuanced way to look at things. Yeah, they use China IP addresses. But much of the high tech part of China is on the eastern coast. This is part of the Pacific Ring of Fire, a whole bunch of active and extinct volcanoes ringing the Pacific Ocean.

      Now, there aren't a whole lot of fiber optic cables that run directly to volcanoes. The business case really isn't there. S

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...