Ashampoo, a German software vendor, is the latest company to have customer data breached by hackers. An announcement on the Ashampoo site explains, “Hackers gained access to one of our servers. We discovered the break-in and interrupted it instantly. The security gap through which the hackers gained access was closed immediately.”
Troy Gill, security analyst with AppRiver, provided some expert insight on the breach. “Since it does not appear that any credit card or financial information was taken, the risk here is that these individuals will be targeted going forward.”
Gill notes that the real threat, just as in the recent exposure of customer email addresses from Epsilon, is that the contact information, combined with the known relationship with Ashampoo, will enable attackers to create much more convincing precision phishing attacks.
Anup Ghosh, founder and chief scientist at Invincea, has a more ominous take on the matter. Ghosh says that the string of data breaches and the general information security news over the past year or so should alarm everyone from Wall Street to Main Street.
Ghosh explains that the end user, rather than a PC operating system or vulnerable software, has become the primary target for attackers, and is the real root of the problem. “The adversary targets the user because they know that regardless of all the patches applied to technology, one cannot apply a patch to Layer 8–the human brain. Attachments will always be opened if they look to be coming from a reliable source; curiosity has always and will always kill the cat.”
Ghosh suggests that security needs to adopt a new model that seeks to protect the entire PC environment from the actions of the user rather than focusing on identifying and patching vulnerabilities.