The Executive Office of Labor and Workforce Development (EOLWD) reported that the Departments of Unemployment Assistance (DUA) and Career Services (DCS) networks and individual computer terminals, as well as individual computers, at the One Stop Career Centers were infected with the W32.QAKBOT virus, a new strain of a computer virus, beginning on April 20, 2011. Steps were taken immediately with the assistance of EOLWD's security provider, Symantec, to eliminate the virus.
In a statement on May 17, the state's Executive Office of Labor and Workforce Development said, "EOLWD learned yesterday that the computer virus (W32.QAKBOT) was not remediated as originally believed and that the persistence of the virus resulted in a data breach. Once it was discovered, the system was shut down and the breach is no longer active. W32.QAKBOT may have impacted as many as 1500 computers housed in DUA and DCS including the computers at the One-Stop Career Centers."
The agency said the virus, identified as "W32.QAKBOT," may have collected confidential job claimant or employer information, such as names, Social Security numbers, Employer Identification Numbers, email addresses, and residential or business addresses from 1,500 state computers. "It is possible that bank information of employers was also transmitted through the virus," the agency said in a statement.
Particularly at risk are people who filed a claim between April 19 and May 13 that required any manual intervention by a state worker, the office says, adding all potentially affected people will be getting letters from the state. "Only the 1,200 employers that manually file could be impacted by the possible data breach."
"I apologize to our customers and recognize that this is an unwanted problem. We are hopeful that the actual impact on residents and businesses is minimal. The breach is no longer active. We are in the process of individually notifying all residents whom we think could be impacted and have advised all relevant and necessary state and federal agencies of the situation. We are doing everything possible to provide assistance in how to protect their identities and credit to those affected," said Joanne F. Goldstein, Secretary of Labor and Workforce Development.
Goldstein also mentioned that, "We take our customers privacy very seriously. Unfortunately, like many government and non-government organizations we were targeted by criminal hackers who penetrated our system with a new strain of a virus. All steps possible are being taken to avoid any future recurrence".
W32.QAKBOT is a worm that spreads through network drives and removable drives, according to the Symantec's Security Response page. After the initial infection, usually the result of clicking on a malicious link on a Web page, it can download additional files, steal information and open a back door on the compromised machine. The worm also contains a rootkit that allows it to hide its presence and it works slowly to avoid detection. "Its ultimate goal is clearly theft of information," said Shunichi Imano, a Symantec researcher.
"These days, whenever I hear of a big corporate infection that's very hard to get rid of and people are struggling, I immediately think of Qakbot," Roel Schouwenberg, an antivirus researcher at Kaspersky Lab, told WBUR, a Boston NPR radio station. Qakbot is especially aggressive and normally targets online banking, although it has the ability to mutate itself to switch targets and change its methods. The cyber-criminals behind the infection could have remotely instructed the virus to go after names, addresses and Social Security numbers stored in the state systems instead of focusing on banking sites, Schouwenberg said.
The infection was first discovered on April 20 after the help desk began receiving calls from users who complained that their computers were acting strangely, John Glennon, CIO for the labor department, told SCMagazineUS.com on Wednesday. Network managers immediately began working to eradicate the infection. It was subsequently learned, however, that initial efforts to remove the virus were not entirely successful and that data had left state systems. The actual number of victims is unknown but, as a measure of precaution, the state is notifying all unemployment insurance claimants, Glennon said.
The system has been shut down and the breach is no longer "active," according to Goldstein, Secretary of Labor and Workforce Development. The department is currently contacting all affected residents and has already notified "all relevant and necessary" state and federal agencies for assistance in remediating the breach. The list includes the Attorney General's Cyber-Crime Unit, the Office of Consumer Affairs and the Federal Bureau of Investigation.
It is evident that government departments and organizations need to take proper measures to safeguard their network security, including hiring highly trained information security in order to prevent an information security breach. Information security professionals can increase their information security knowledge and skills by embarking on highly technical and advanced training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it's like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.
In a statement on May 17, the state's Executive Office of Labor and Workforce Development said, "EOLWD learned yesterday that the computer virus (W32.QAKBOT) was not remediated as originally believed and that the persistence of the virus resulted in a data breach. Once it was discovered, the system was shut down and the breach is no longer active. W32.QAKBOT may have impacted as many as 1500 computers housed in DUA and DCS including the computers at the One-Stop Career Centers."
The agency said the virus, identified as "W32.QAKBOT," may have collected confidential job claimant or employer information, such as names, Social Security numbers, Employer Identification Numbers, email addresses, and residential or business addresses from 1,500 state computers. "It is possible that bank information of employers was also transmitted through the virus," the agency said in a statement.
Particularly at risk are people who filed a claim between April 19 and May 13 that required any manual intervention by a state worker, the office says, adding all potentially affected people will be getting letters from the state. "Only the 1,200 employers that manually file could be impacted by the possible data breach."
"I apologize to our customers and recognize that this is an unwanted problem. We are hopeful that the actual impact on residents and businesses is minimal. The breach is no longer active. We are in the process of individually notifying all residents whom we think could be impacted and have advised all relevant and necessary state and federal agencies of the situation. We are doing everything possible to provide assistance in how to protect their identities and credit to those affected," said Joanne F. Goldstein, Secretary of Labor and Workforce Development.
Goldstein also mentioned that, "We take our customers privacy very seriously. Unfortunately, like many government and non-government organizations we were targeted by criminal hackers who penetrated our system with a new strain of a virus. All steps possible are being taken to avoid any future recurrence".
W32.QAKBOT is a worm that spreads through network drives and removable drives, according to the Symantec's Security Response page. After the initial infection, usually the result of clicking on a malicious link on a Web page, it can download additional files, steal information and open a back door on the compromised machine. The worm also contains a rootkit that allows it to hide its presence and it works slowly to avoid detection. "Its ultimate goal is clearly theft of information," said Shunichi Imano, a Symantec researcher.
"These days, whenever I hear of a big corporate infection that's very hard to get rid of and people are struggling, I immediately think of Qakbot," Roel Schouwenberg, an antivirus researcher at Kaspersky Lab, told WBUR, a Boston NPR radio station. Qakbot is especially aggressive and normally targets online banking, although it has the ability to mutate itself to switch targets and change its methods. The cyber-criminals behind the infection could have remotely instructed the virus to go after names, addresses and Social Security numbers stored in the state systems instead of focusing on banking sites, Schouwenberg said.
The infection was first discovered on April 20 after the help desk began receiving calls from users who complained that their computers were acting strangely, John Glennon, CIO for the labor department, told SCMagazineUS.com on Wednesday. Network managers immediately began working to eradicate the infection. It was subsequently learned, however, that initial efforts to remove the virus were not entirely successful and that data had left state systems. The actual number of victims is unknown but, as a measure of precaution, the state is notifying all unemployment insurance claimants, Glennon said.
The system has been shut down and the breach is no longer "active," according to Goldstein, Secretary of Labor and Workforce Development. The department is currently contacting all affected residents and has already notified "all relevant and necessary" state and federal agencies for assistance in remediating the breach. The list includes the Attorney General's Cyber-Crime Unit, the Office of Consumer Affairs and the Federal Bureau of Investigation.
It is evident that government departments and organizations need to take proper measures to safeguard their network security, including hiring highly trained information security in order to prevent an information security breach. Information security professionals can increase their information security knowledge and skills by embarking on highly technical and advanced training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it's like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.
SHARE
