The Support Intelligence security monitoring firm has turned its blog into a playground of brand name companies that have been victimized by spammers planting bots on their networks.
Naming Names: Big Brands With Bots
The end of April saw Nationwide Insurance land on the list of prominent companies with a serious bot problem. Support Intelligence has been listing firms whose machines have been generating spam, as detected by their spam traps.
In the Nationwide example, analysis of the spam received from a half-dozen IP addresses belonging to the insurance company gave Support Intelligence reason to be very concerned about their bot problem:
The main question is if any of Nationwide's consumer data was compromised. We believe that 155.188.254.1 is an outbound NAT and that the 1,342 SPAM emitted from that ip address represent some set of internal machines that are compromised. The way that the headers were forged leads us to believe that there were several machines behind the suspected NAT.
With keyloggers and postloggers frequently part of a bot infection, Support Intelligence has rights to be concerned. An infected machine on an insurance company's internal network could have all kinds of personal data for loggers to feast upon and send along to criminals.
Nationwide would have something else to worry about beyond the integrity of their data, due to their health plan offerings. Medical information enjoys federal protection under HIPAA - The Health Insurance Portability and Accountability Act.
If criminals can pull data out of an insurance company through a bot infection, federal regulators could take a very active interest in how the company thinks that fits in with HIPAA's security rules. For Nationwide, bots could be more than just a spam pumping annoyance.
RSS
Archive
Contact Us
Advertise
