Cybersecurity experts speculate on how hackers broke into Anthem

How did cyber crooks pull off one of the largest healthcare data heists to date? Cybersecurity experts weigh in.

How exactly did cyber crooks pull off one of the largest healthcare data heists to date?

Joseph Swedish, president and CEO of Anthem, noted in a message on Wednesday that the company made efforts to "close the security vulnerability" immediately after the attack was identified.

More details are expected to emerge from Anthem on what that vulnerability is, but security experts have begun weighing in on how criminals could have gained unauthorized access to the healthcare company's IT system.

Jasper Graham, former NSA technical director and SVP of cyber technologies and analytics at Darktrace, told SC Magazine on Thursday that attackers could have gained access to the information by either exploiting a bug in Anthem's IT system, or by obtaining credentials via social engineering.

"I don't believe this was a smash and grab," Graham said, speculating on how long the attackers had been carrying out the attack. "Based on the amount of data stolen, it took the attackers some time to figure out where they were and what they could have access to."

Ken Westin, senior security analyst with Tripwire, told SC Magazine that the initial attack vector could have been a successful spear phishing attack that targeted an admin or other individual with high level access to data.

"Another more likely scenario is that this was a SQL injection attack or a direct attack on the database servers," Westin said.

He took note of two job listings currently posted on Anthem's website: one posted on Wednesday for a Cloud Encryption Security Professional, and another posted on Friday for a Checkpoint Firewall Expert.

"This could be indications of where [their] lapses in security may have been and where they are now trying to bolster their defenses," Westin said.

Part of the problem Anthem might have been facing is that "large organizations cannot visualize and understand their whole attack surface, and inevitably end up leaving some side door unlocked and overlooked," said Mike Lloyd, CTO of RedSeal.

This article is an excerpt from SC Magazine, PRWeek's sister title at Haymarket Media.
