The Error Of Your Ways: Top 10 Data Breaches Of 2014
1. Veterans Of Foreign Wars Breach Tied To APT Attacks
In one of the clearest examples of nation-state-sponsored cyberespionage activity, a targeted attack against the website of the U.S. Veterans of Foreign Wars in March resulted in the inadvertent exposure of names, addresses and Social Security numbers of 55,000 veterans. The attackers infiltrated the underlying Web server containing the data to support an attack campaign against veterans visiting the site, according to the breach notification letter issued by the VFW. The ultimate goal of the attack was to gain access to military plans or contracts and not the personally identifiable information, the organization said. The cybercriminal group suspected of carrying out the attack targeted an Internet Explorer zero-day vulnerability against visitors. The organized attack is believed to have come from a China-based group with ties to the attackers responsible for the data security breach at whitelisting and endpoint security firm Bit9 last year.