Security Breach – 17 Sept 2020

Security Breach – 17 Sept 2020

Hackers for hire are here to steal corporate secrets.Hackers for hire are here to steal corporate secrets.

As the rise of “as a service” cybercrime continues, some hackers aren’t just involved in ransomware and PII theft. They’re focused on specialised spying, like stealing trade secrets – and keeping them out of your business is easier than you think.

Corporate espionage is a growing industry in a world where information can be currency. From state-backed actors trying to filch technology to data thieves who want the results of COVID-19 testing, thriving cottage industries have grown up around specialised corporate cybercrime.

These bad actors aren’t just focusing on global corporations or well-known institutions anymore – companies of every size are at risk of attack. But you can quickly and efficiently add safeguards to your systems and data to reduce your risk of corporate espionage, and it’s not even expensive.

Add a secure identity and access management solution like DUO Security to add safeguards against hackers that make it harder for them to break in with a stolen or cracked password.

It’s also smart to add automatic phishing protection with SonicWall Email Filtering to put strong protection between your business and cybercrime like phishing and ransomware.

By beefing up security with these solutions and staying alert for credential compromise with Dark Web ID, you can ensure that you’re ready for potential corporate hacking attempts to keep your proprietary data safe.

Recent Breaches

USA – Equinix – Data Center Operator

Exploit: Ransomware

Risk to Small Business: Severe: Netwalker ransomware made itself at home at data centre giant Equinix, and the cybercriminals gang responsible is asking for $4.5 million to move out.

The attack occurred over the US Labour Day holiday weekend, and appears to impact Equinix’s Australian clients most heavily. An accompanying screenshot showing a sample of the encrypted/stolen data includes folders of financial information, payroll, accounting, audits, and data centre reports.

Risk to Exploited Individuals: No individual information was reported as compromised, but that could be a future consequence as events unfold.

Customers Impacted:  Unknown

Australia – K7 Maths – Education Services Provider

Exploit: Unsecured Database

Risk to Small Business: Severe:  The Australian Computer Emergency Response Team (AusCERT) determined that The Department of Education, Skills, and Employment (DoE), was not to blame in a breach incident after researchers downloaded the personal details of more than one million students, teachers, and staff from a Dark Web site.

Instead, the breach was traced to education services provider K7 Maths and an unsecured Elasticsearch cluster, likely as part of a March 2020 incident. The leaked data contained details such as first names, emails, password strings, and K7 Maths site settings.

Risk to Exploited Individuals: Moderate:  The leaked information could be used to launch spear phishing attacks and credential stuffing attempts. Users of the system should use caution in handling suspicious messages.

Customers Impacted: 1 MIL

Ensure you’re protecting your data and systems from common sources of credential compromise and data loss by implementing a solid cybersecurity plan.

Talk to a TCT team member today and we can show you how.

Robert Brown

Follow us on LinkedIn:

Related Articles:
Cyberattack risks and data breach costs are on the rise in 2020
Growing Dark Web data dumps are fuelling new Cybercrime

Log a Job: