Last month, health insurance company Anthem publicly announced a massive data breach that exposed Social Security numbers and other personal information of 80 million American customers. You don’t have to be an Anthem customer to be vulnerable to phishing attacks; find out what you can do if your system has been breached (or if you suspect it has been).
Phishers Pounce on Anthem Breach
Immediately after the announcement, cyber criminals sent out phishing emails in an attempt to capitalize on the news. The worst outcome of this situation is that the scammers have 80 million Social Security numbers. But even if they only have access to the victims’ email addresses and other critical information, they can do plenty of damage if an unsuspecting individual clicks on a link in one of the phishing emails, which have been designed to look like they are coming from Anthem or another legitimate source.
A click leading to the wrong website can result in malware quietly infecting an unsuspecting individual’s computer, which can then give the criminal access to everything typed on the keyboard, viewed on the screen/monitor, recorded with a webcam or copied and pasted from a file to a website (like a password).
What To Do If Your System Has Been Infected (Or You Suspect It Was Infected)
After the fact, if the individual has an idea of when their computer could have been infected, there are a few things they can do to restore their computer to a secure state:
- Download, install and run an antilogger to block and remove any existing malware, such as keyloggers and other types of spyware.
- Revert their system to a trusted state prior to the date they believe they were infected. This can be done with the Windows System Restore feature, but any data created after the date the Restore Point was created will be lost.
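The second step depends on a restore point that actually predates the suspected infection. The following Windows PowerShell sketch is an added example, not part of the original article: it picks the most recent such restore point and previews the rollback. The date is a constructed sample value, and the script assumes an elevated Windows PowerShell 5.1 session.

```powershell
# Added example: find the newest restore point created BEFORE the suspected
# infection date and preview a rollback to it.
# Assumption: run in an elevated Windows PowerShell 5.1 session
# (these cmdlets are not available in PowerShell 7).

# Constructed sample value: replace with the date you believe the infection occurred.
$suspectedInfection = Get-Date '2015-02-05'

# CreationTime is returned as a WMI (DMTF) string, so convert it before comparing.
$points = Get-ComputerRestorePoint | ForEach-Object {
    [pscustomobject]@{
        SequenceNumber = $_.SequenceNumber
        Created        = $_.ConvertToDateTime($_.CreationTime)
        Description    = $_.Description
    }
}

# Newest restore point that is strictly older than the suspected infection.
$candidate = $points |
    Where-Object { $_.Created -lt $suspectedInfection } |
    Sort-Object Created -Descending |
    Select-Object -First 1

if (-not $candidate) {
    # Every available restore point may already contain the malware.
    Write-Warning "No restore point predates $($suspectedInfection.ToShortDateString()); System Restore cannot return this machine to a trusted state."
    return
}

"Selected restore point #{0} from {1}: {2}" -f `
    $candidate.SequenceNumber, $candidate.Created, $candidate.Description

# -WhatIf only previews the operation; remove it to perform the rollback.
# Copy off any data created after $candidate.Created first, since it will be lost.
Restore-Computer -RestorePoint $candidate.SequenceNumber -WhatIf
```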
One can avoid losing data by preparing ahead of time for a potential security breach. An advanced system recovery tool can create a snapshot of the system in its trusted state and anchor any selected data files and folders, providing access to the most recent version of any files in the selected folders, even if those files didn’t exist at the time the snapshot was created. In the event of a future security breach, the user can revert the system to the snapshot from a prior point in time without losing any new data: all the files and folders that were anchored in the past can be restored as they existed immediately prior to the breach.
Investigators Suspect Anthem Employee PC Breach
Anthem’s system administrator found that the hackers were using his own security credentials to simply log in to the Anthem system and steal 80 million customers’ data.
Investigators discovered that a total of five Anthem employees’ credentials were breached, which allowed the hackers to enter the system. This demonstrates the ease with which employees can bypass IT security policy, even unintentionally. Phishing attempts aimed at corporate email addresses can lead to exactly this type of scenario.
Admins can easily protect and revert breached systems to a secure state using the methods explained above.
Keep in mind:
- Even existing antivirus products may not fully protect against all types of keyloggers, so patching your security software’s vulnerabilities with a multi-antilogger is important for keeping your IT security policy intact.
- System Restore doesn’t provide data protection, and you may not be able to use this built-in method if your system is rendered unbootable.
- Your data backups are only as good as your most recent backup, and if you don’t have a bootable system to import your backups to, they really aren’t of much use at all.
How are you protecting your systems and data?