Individual Possibly Involved in the OPM Data Breach Arrested by the FBI

In 2015, the United States Office of Personnel Management (OPM) reported that they had been the target of a data breach that affected the security clearance records of millions of current and former government employees.  On August 25, 2017, the Federal Bureau of Investigation (FBI) arrested one of the people suspected of using the same malware linked to the massive data theft: 36-year old Chinese national Yu Pingan.

Pingan, who also goes by the pseudonym “GoldSun,” was arrested at the Los Angeles International Airport in connection with attacks against unnamed US companies from 2011 to 2014.

In an indictment, Pingan was accused of conspiring with two other unidentified individuals to attack the networks of US-based organizations beginning in 2011. The group first discussed the use of a Remote Access Trojan (RAT), which allows users to remotely control the system in which it is installed. Attacks against various companies occurred over the next few years, including a wide variety of infection vectors such as watering hole attacks and vulnerability exploitation. Pingan’s primary role was to distribute malicious software tools, one of which was used in the OPM attacks mentioned earlier.

Lessons Learned

While the arrest of perpetrators is good news, the underlying question still prevails: What can be done to minimize the impact of, if not completely prevent, data breaches?

The first step would be to acquire the ability to identify the Indicators of Compromise (IOCs) that occur whenever potential data breaches occur. Unusual authentication and authorization incidents, peculiar network behavior, and network irregularities are some of the telltale signs that network attacks could be occurring. Spotting IOCs gives IT professionals the time to react and prevent these attacks from causing lasting damage.

In terms of mitigation techniques, data management should be a priority. For organizations, this can involve a simple method of data classification: Data of greater importance should be given greater priority in terms of security. Data protection should also extend to employees and end users, who should implement proper security practices as many attackers often use information stolen from individual users – such as Personally Identifiable Information (PII) and Healthcare Information – to gain access to organizational data. Data protection is something the whole organization, from top to bottom, should address as a whole.

Trend Micro Solutions

Data breaches are a real risk for enterprises. Enterprises should deploy solutions like Trend Micro™ Custom Defense, which can detect, analyze and respond to advanced malware and other attack techniques which can be used by attackers in data breaches. Solutions like Trend Micro Deep Security, on the other hand, can protect data server applications and content to prevent business disruptions, while helping meet regulatory compliance, whether using physical, virtual, cloud or mixed-platform environments.

Integrated Data Loss Prevention in Trend Micro products can identify, track and secure all confidential data from multiple points within the organization to avoid the occurrence of unintended disclosures and the repercussions of lost devices. Endpoint Encryption ensures data privacy by encrypting data stored on endpoints—including PCs, Macs, DVDs, and USB drives.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.