I didn’t write anything about it at the time, but there was a major breach of South Carolina taxpayer data a few months back. Mandiant’s report about the attack is now available.
Reading through the findings gives us a few takeaways. First, the initial compromise seems to have come from a user getting malware installed through a phishing attack. Users need to be aware of threats that may come to their inbox and how to deal with them. (Succinctly put by @jadedsecurity – Don’t Click Shit!)
I haven’t looked at email security systems in a while, but if none are doing so, I’d like to see someone develop a system that looks at the links inside emails and disables suspicious-looking ones. Since attachments are very frequently scanned, attackers are more likely to send malware through links nowadays.
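A minimal sketch of such a link filter, added here as an illustration and not taken from the original post or from any product. The three heuristics (IP-literal host, punycode host, visible text naming a different host than the href), the function names and the sample message are assumptions made for this example, and the anchor pattern only handles double-quoted `href` attributes.

```python
import ipaddress, re
from email import message_from_string
from urllib.parse import urlsplit
# Constructed sample message; hosts use documentation-reserved names and addresses.
SAMPLE = """Subject: Invoice
Content-Type: text/html; charset="utf-8"

<p><a href="http://192.0.2.10/inv">View invoice</a>
<a href="https://login.example.net/">www.example.com</a>
<a href="https://www.example.com/help">Help</a></p>
"""
ANCHOR = re.compile(r'<a\b[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(url):
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def reasons(href, text):
    """Heuristics (assumptions for this sketch) that a link trips; empty = keep."""
    host, why = host_of(href), []
    try:
        ipaddress.ip_address(host)
        why.append("ip-literal host")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        why.append("punycode host")
    shown = re.sub(r"<[^>]+>", "", text).strip()
    # Visible text that looks like a URL or domain but names a different host.
    if re.match(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", shown) and host_of(shown) != host:
        why.append("text/href host mismatch")
    return why

def disable_links(html):
    findings = []
    def fix(m):
        why = reasons(m.group(1), m.group(2))
        if not why:
            return m.group(0)  # link looks ordinary: leave it untouched
        findings.append((m.group(1), why))
        # Replace the anchor with inert text so the link can no longer be clicked.
        defanged = m.group(1).replace("http", "hxxp").replace(".", "[.]")
        return f"{m.group(2)} [link disabled: {defanged}]"
    return ANCHOR.sub(fix, html), findings

def scan_message(raw):
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            return disable_links(part.get_payload(decode=True).decode(charset, "replace"))
    return None, []
```

Calling `scan_message(SAMPLE)` returns the rewritten HTML body together with a list of `(href, reasons)` findings that can be logged for review.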
The other big takeaway from the report is how long it takes for an attacker to gather information and set everything up to steal the data. With better monitoring in place, the initial breach might be detected and rectified before any damage can be done.