Information Content Security
Events associated with this classification taxonomy are related to incidents where the information security of the data was violated. This broadly means that some protected or sensitive information was accessed, collected or modified by an unauthorized party.
Many different incident types can lead to such an information security breach, some examples are the compromise of an account or application, or interception and access during transmission (wiretapping, spoofing, hijacking). There is also the possibility of human, configuration and/or software error, without malice or gross neglect being involved.
Events with this classification type identify a system that likely serves as a drop zone. The term drop zone is generally referred to where malicious software or other compromised systems send the data it collected. This data is then either further forwarded or directly picked up by the attacker.
The collected data depends on the malicious application behind that sends the data. This can range from email address, user name, password over account information, SMS, system information to whole database dumps.
While such data is often sensitive, it is crucial for identifying and informing the victims. Additional information such as system or service access logs can further help to investigate the incident. Depending on the data it could be used as evidence in criminal investigations, which has certain requirements. We strongly suggest you get in touch with trusted IT security professionals to help you determine the next steps.
The system identified by
source is likely abused to collect and/or forward sensitive data stolen by malicious software. While the system or service does not have to be infected with malware, it still should be regarded as compromised as malicious actors are able to store and access data on the system or service.
- Contact a trusted organization or agency to determine the next steps. Please contact us if you need any assistance. Even if we are not the right partner for you, we might be able to help you get in touch with the the right organization.
- Contact us if you are willing to share the dropped and/or logged information with us.
- Check access and application logs for unusual activity and additional information.
- Share the information with the trusted organization or agency to inform the victims.
- Change the access credentials of potentially affected users.
- Update the software running on the system.
- Scan the system for malicious software. Offline scan from CD or USB if possible.