The fallout from the Epsilon breach

The Epsilon breach took place late last month, but the ramifications could be serious. Tom Brewster looks at what the consequences could be...

ANALYSIS: The hack attack on Epsilon last week has caused tremors across the security industry, as big corporations saw their email lists go missing.

Some giants of the business world - including Marks & Spencer, Hilton and Citibank - were thought to have been affected.

At the minute, it appears as though only email addresses and names went missing. But whilst this kind of information may not seem important at first, it could be used in wider attacks.

So how serious was the Epsilon breach and what can we expect to see in the aftermath?

Does it matter?

You may think hackers can't do much with just emails and names, and to some extent you'd be right. Spam may cause issues for bandwidth and email clogging, but often filtering systems protect users.

In fact, there is a theory going around the hackers didn't even set out to acquire emails from Epsilon, but came across them by accident. This could indicate the cyber criminals weren't doing anything particularly serious.

"Because e-mail addresses were not considered of great value in the criminal underground, I suspect the attack on Epsilon began as something random," said Mary Landesman, market intelligence manager at Cisco.

"Hackers often scan the internet looking for machines that have a certain vulnerability or misconfiguration and then, once they hit upon something, look further to see if the victim interests them."

She added: "At this stage we can only speculate that this is what happened; the attackers had found themselves on Epsilon's system, realised what they had and then worked to acquire their customer lists."

However, you can do more with emails and names than you might think. Such information can provide the building blocks for something much more serious.

In light of recent Advanced Persistent Threat (APT) attacks, people should be more concerned about targeted spear phishing attacks than spam.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

Cisco to acquire threat intelligence provider Kenna Security
Acquisition

Cisco to acquire threat intelligence provider Kenna Security

14 May 2021
What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

14 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
What’s next for the education sector?
Whitepaper

What’s next for the education sector?

14 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell XPS 17 (2021) review: A big laptop for big jobs
Laptops

Dell XPS 17 (2021) review: A big laptop for big jobs

10 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021