17 Sep Security Breach – 17 Sept 2020
Hackers for hire are here to steal corporate secrets.
As the rise of “as a service” cybercrime continues, some hackers aren’t just involved in ransomware and PII theft. They’re focused on specialised spying, like stealing trade secrets – and keeping them out of your business is easier than you think.
Corporate espionage is a growing industry in a world where information can be currency. From state-backed actors trying to filch technology to data thieves who want the results of COVID-19 testing, thriving cottage industries have grown up around specialised corporate cybercrime.
These bad actors aren’t just focusing on global corporations or well-known institutions anymore – companies of every size are at risk of attack. But you can quickly and efficiently add safeguards to your systems and data to reduce your risk of corporate espionage, and it’s not even expensive.
Add a secure identity and access management solution like DUO Security to add safeguards against hackers that make it harder for them to break in with a stolen or cracked password.
It’s also smart to add automatic phishing protection with SonicWall Email Filtering to put strong protection between your business and cybercrime like phishing and ransomware.
By beefing up security with these solutions and staying alert for credential compromise with Dark Web ID, you can ensure that you’re ready for potential corporate hacking attempts to keep your proprietary data safe.
USA – Equinix – Data Center Operator
Risk to Small Business: Severe: Netwalker ransomware made itself at home at data centre giant Equinix, and the cybercriminals gang responsible is asking for $4.5 million to move out.
The attack occurred over the US Labour Day holiday weekend, and appears to impact Equinix’s Australian clients most heavily. An accompanying screenshot showing a sample of the encrypted/stolen data includes folders of financial information, payroll, accounting, audits, and data centre reports.
Risk to Exploited Individuals: No individual information was reported as compromised, but that could be a future consequence as events unfold.
Customers Impacted: Unknown
Australia – K7 Maths – Education Services Provider
Exploit: Unsecured Database
Risk to Small Business: Severe: The Australian Computer Emergency Response Team (AusCERT) determined that The Department of Education, Skills, and Employment (DoE), was not to blame in a breach incident after researchers downloaded the personal details of more than one million students, teachers, and staff from a Dark Web site.
Instead, the breach was traced to education services provider K7 Maths and an unsecured Elasticsearch cluster, likely as part of a March 2020 incident. The leaked data contained details such as first names, emails, password strings, and K7 Maths site settings.
Risk to Exploited Individuals: Moderate: The leaked information could be used to launch spear phishing attacks and credential stuffing attempts. Users of the system should use caution in handling suspicious messages.
Customers Impacted: 1 MIL
Ensure you’re protecting your data and systems from common sources of credential compromise and data loss by implementing a solid cybersecurity plan.
Talk to a TCT team member today and we can show you how.
Follow us on LinkedIn: