-
About Cisco Security Expert - Jamey Heary, CCIE No. 7680, is the author of the Cisco NAC Appliance: Enforcing Host Security with Clean AccessCisco Subnet blog community. Contact him. book by Cisco Press. Jamey is a seasoned security technologist with over 15 years in the IT field with 10 years focused on IT security. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. Jamey is currently a Security Consulting Systems Engineer with Cisco, though the opinions expressed here are his own. Jamey is a member of Network World's
1) Conficker - Conficker is the most widespread botnet ever recorded. Sure it isn't a specific breach persay but I just had to make it my number one. It still infects millions of PCs. In fact, according to a report recently released by shadowserver.org, china telecom's chinanet still has over a million infected PCs or about 1% of its total IP address space. Conficker exploited a Microsoft vulnerability described in the Microsoft Security Bulletin MS08-067.
2) Phishing attacks on banking sites - A recent report by Trusteer shows that phishers are making huge bank by phishing banks. The report shows that only a very very few bank customers actually click on a phishing email, in fact it is only 0.000564%. Of these people that do click though 45% of them divulge their personal credentials to the fake phishing site. The report calculates that even though the click rate is super low the scale of users involved makes this a significant loss for our banks. They estimate that banks loose between 2.4 and 9.4 million dollars (per million online bank users) to phishing fraud Annually!
3) Heartland Payment Systems - I'm sure you all know about this one already. It occurred in January 2009 when attackers where able to steal more than 130,000,000 credit card records. Many of the attacks used were basic SQL injection exploits. Just a few days ago Heartland agreed to pay AMEX $3.6 million to settle claims related to the breach. Heartland has set aside $12.6 million more to settle other claims it is anticipating from Visa, Mastercard, etc.
Continue Reading