Hunters get hunted

When the hunter becomes the hunted!

There has been a disturbing trend over the past few months in which the very bastions of cybersecurity – the vendors or service providers that governments and private companies depend on for their security – are themselves compromised. The lesson is perhaps not that these companies are poorly equipped to provide the security services they offer, but that potentially any company could be the victim of an attack. Let us take a look at some of the more recent attacks and what this could mean for the larger community:

FireEye

FireEye is normally the first port of call for government agencies and companies worldwide that have been hacked by the most sophisticated attackers or fear they might be. Now it looks like the hackers (in this case, there is evidence of links to Russia’s intelligence agencies) may be exacting their revenge.

FireEye revealed that its own systems were pierced by what it called “a nation with top-tier offensive capabilities.” The company said hackers used “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks worldwide.

SolarWinds

The software firm SolarWinds was breached earlier this year when hackers broke into its system and inserted malicious code into its software platforms. Customers who updated their software from March to June added the malware to their networks, giving the hackers a backdoor into their systems.

SolarWinds has hundreds of thousands of clients across the globe, including government agencies and most enterprise companies. The company said up to 18,000 of its customers downloaded the software update that contained the malicious code.

As a result, the following major US agencies/companies were reportedly breached:

  • Department of Homeland Security
  • The Pentagon
  • Department of Energy
  • Department of the Treasury
  • Microsoft

Compared with some of the larger data breaches, these attacks are tiny in terms of the number of records impacted. Recent large-scale breaches include:

1. CAM4 data breach

Date: March 2020

Impact: 10.88 billion records.

Adult video streaming website CAM4 has had its Elasticsearch server breached, exposing over 10 billion records.

 

2. Yahoo data breach 2017

Date: October 2017

Impact: 3 billion accounts

Yahoo disclosed that a breach in August 2013 by a group of hackers had compromised 1 billion accounts. In this instance, security questions and answers were also compromised, increasing the risk of identity theft. The breach was first reported by Yahoo on December 14, 2016, while it was in negotiations to sell itself to Verizon. Yahoo forced all affected users to change their passwords and to re-enter any unencrypted security questions and answers so that they would be encrypted in the future. However, by October of 2017, Yahoo changed the estimate to 3 billion user accounts.

3. Aadhaar data breach

Date: March 2018

Impact: 1.1 billion people

In March of 2018, it became public that the personal information of more than a billion Indian citizens stored in the world’s largest biometric database could be bought online.

However, large-scale breaches of personal records, whilst problematic for the companies involved, don’t always result in making other companies vulnerable. Unfortunately, the same cannot be said for their customers, who may have their sensitive personal information accessible to scammers and spammers. Security vendors, on the other hand, are implemented in high-risk environments and used to protect the crown jewels of any organisation. Unfortunately, they also have extremely high levels of access and trust, and when they are compromised it unlocks a literal treasure trove of “loot” for the attackers.

Craig Rosewarne is the Managing Director of Wolfpack Information Risk (Pty) Ltd. For more information on Wolfpack's Advisory, Awareness or Training services, please email info@wolfpackrisk.com or visit their website https://wolfpackrisk.com/

 
