Hyundai Capital Breach & Blackmail

Concerns about information security continue to grow after an unidentified hacker attacked Hyundai Capital’s network and took confidential personal data, including customer names, residence registration numbers, mobile phone numbers and e-mail addresses, of over 420,000 customers, representing 23% of the company’s total clients.  The hacker may also have stolen the prime loan PINs of some 13,000 customers.

The attack began almost two months ago and went unnoticed until the hacker sent an e-mail to the firm Thursday, demanding several hundred million Korean won in return for not leaking the illegally obtained information on the internet.  Hyundai immediately reported the breach to police and transferred 100 million won into a bank account.  The blackmailer has already withdrawn 47 million won and was captured on CCTV footage taking cash from a Seoul ATM.

South Korea’s Financial Supervisory Service has launched a special investigation into the breach, warning that Hyundai may be sanctioned if customer passwords were not encrypted.

All businesses should keep in mind that computer hackers only need to find ONE weakness to exploit; online service providers need to find and fix them ALL.  It is extremely difficult to catch the perpetrator once an attack takes place.  They could be operating from anywhere in the world, using compromised systems in one or many jurisdictions to cover their tracks, making it hard to locate or prosecute them.  The best way to beat hackers is to lower your attack surface and implement preventative measures.  It is of little use to shut the stable door after the horse has bolted.

What can a business do?  Start by understanding your environment.

  • Get Security and IT teams working on the same page.  Security is everyone’s job.  Security teams manage and direct the efforts.
  • Create a list of every ingress and egress point in your network.  Plan to protect your perimeter.
  • Take stock of your assets and network topology.
  • Identify what information assets are critical and important.
  • Identify potential and likely compromise points, like browsers, popular applications, email and FTP services, etc.
  • Research appropriate tools and strategies: preventative, detective, and reactive.  Free tools provide a good start; supported tools are better.
  • Choose solutions that can be layered.  Anti-virus is good.  Gateway and desktop A/V is better.  Multiple A/V at the gateway, server, and desktop is best.
  • Filter and restrict what can come in and out of the organization.  Policy is good, awareness is better, DLP and content filtering are best.
  • Baseline your traffic patterns and protocols.  If it deviates from the norm, investigate.
  • Monitor and log activities, and view real-time reports for anomalous and deviant behavior.
  • Call in professional help.  Security specialists can assess your environment, guide your efforts and advise further.
  • Prepare plans for reacting to these reports.  Consistent and diligent investigations are key.
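
The traffic-baselining and monitoring items above, as an added example that is not part of the original article: it builds a per-host baseline of daily outbound volume and protocols from flow summaries, then flags hosts that deviate from it. The flow records, host names and the threshold factor `k` are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def daily_totals(flows):
    """Sum outbound bytes per (day, host) and collect the protocols each host used."""
    totals, protos = defaultdict(int), defaultdict(set)
    for day, host, proto, sent in flows:
        totals[(day, host)] += sent
        protos[host].add(proto)
    return totals, protos

def build_baseline(flows):
    """Per host: median daily egress, median absolute deviation, protocols seen."""
    totals, protos = daily_totals(flows)
    per_host = defaultdict(list)
    for (_, host), sent in totals.items():
        per_host[host].append(sent)
    baseline = {}
    for host, days in per_host.items():
        med = median(days)
        mad = median(abs(d - med) for d in days)
        baseline[host] = {"median": med, "mad": mad, "protos": protos[host]}
    return baseline

def find_deviations(baseline, flows, k=6.0):
    """Return sorted (day, host, reason) findings for traffic outside the baseline."""
    totals, _ = daily_totals(flows)
    findings = set()
    for day, host, proto, _ in flows:
        if host not in baseline:
            findings.add((day, host, "host has no baseline"))
        elif proto not in baseline[host]["protos"]:
            findings.add((day, host, f"new protocol {proto}"))
    for (day, host), sent in totals.items():
        b = baseline.get(host)
        # Floor the spread at 10% of the median so a very flat baseline does not alert on noise.
        if b and sent > b["median"] + k * max(b["mad"], 0.1 * b["median"]):
            findings.add((day, host, "egress volume above baseline"))
    return sorted(findings)

# Constructed sample data: (day, internal host, protocol/port, bytes sent outbound).
BASELINE_FLOWS = [(1, "db01", "tcp/443", 110_000), (1, "web01", "tcp/443", 900_000),
                  (2, "db01", "tcp/443", 125_000), (2, "web01", "tcp/443", 950_000),
                  (3, "db01", "tcp/443", 118_000), (3, "web01", "tcp/443", 870_000),
                  (4, "db01", "tcp/443", 122_000), (4, "web01", "tcp/443", 910_000)]
NEW_FLOWS = [(5, "web01", "tcp/443", 930_000), (5, "db01", "tcp/443", 115_000),
             (5, "db01", "tcp/21", 48_000_000)]
print(find_deviations(build_baseline(BASELINE_FLOWS), NEW_FLOWS))
```

Using the median and median absolute deviation rather than mean and standard deviation keeps one unusually busy day in the baseline window from widening the threshold.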

If you want to protect your business, your security and IT teams need to know what you are protecting, why you are protecting it, where it is and how it can be reached, as well as how best to defend and monitor it.