.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Christie Business Holdings Company, a major medical firm based out of Illinois in the United States.
The Take: Personally Identifiable Data belonging to 500,000 individuals. The data accesses contained: names, addresses, medical and insurance information, and Social Security Numbers.
The Vector: The threat actors gained access through BEC attack (Business Email Compromise) on an employee’s email account, therefore able to act with all the permissions of said employee, and attempted to intercept business transactions as well as view the exposed personal data.
This breach is a stark reminder of the important not only robust employee credential authentication and password hygiene, but also the principle of least privilege. When a firm’s employee account is breached, it’s critical to note the attackers can access and perform all the same actions as the employee. Locking down appropriate permissions, admin access, and ensuring users only need the tools they need to do their jobs, and no more, will reduce the risk of these attacks.
The Target: Fox News, a U.S based news organization.
The Take: Exposure of Personally Identifiable Information including: internal employee emails, usernames, employee ID numbers, affiliate information, event logging, host names, IP address, and device data.
The Vector: A misconfiguration of a storage server left the data exposed online, meaning anyone with an internet connection could have accessed and downloaded the information.
This breach highlights the critical importance of employing robust practices of credential management, user authentication and validation. An unprotected point of entry on a key piece of equipment like a storage server can lead to a breach with a cascading effect on data security. The detailed personal information, along with the event logs and sensitive company information, can lead to highly effective phishing attacks.
The Target: Palo Alto Networks, a U.S based cybersecurity company.
The Take: Exposure of Personally Identifiable Information including: names, business contact information, conversation records, conversation records, email addresses, and support tickets with attachments such as firewall logs, configurations, and other debugging assets.
The Vector: A misconfiguration of Palo Alto’s support ticketing system allowed anyone with an internet connection to login and view support tickets, gaining access to personal and client company information.
The breach is critical reminder of the importance of credential management and authentication around points of access which expose customer data. The information gathered in support scenarios is especially sensitive as the exposed details can greatly aid malicious actors in crafting highly targeted and effective spear-phishing campaigns. All points of access should be appropriately locked down and employing another layer of security like Two-Facto Authentication is highly recommended.
The Target: Doctors Me, a private self-assessment health service company located in Japan.
The Take: Exposure of 300,000 records of nearly 12,000 customers. The exposed information was a collection of symptom photos, in many cases, exposing the customer’s faces.
The Vector: A misconfigured Amazon S3 storage server was left open online, meaning anyone with internet access could have viewed and downloaded the data.
While the photos were uploaded anonymously, attackers can cross reference these pictures with other social media sties and craft extremely effective spear-phishing campaigns, as well engage in fraud and blackmail. This breach is another critical reminder of the importance of airtight credential management at all points of access for firms. Ensuring two-factor and comprehensive user authentication is paramount for a robust cybersecurity posture.
The Target: Melijoe.com a high-end e-commerce fashion retailer of luxury children’s clothing.
The Take: Exposure of 2 million records totalling 200GB of Personally Identifiable Information including: email addresses, names, gender, dates of birth, marketing and preferences data.
The Vector: A misconfigured Amazon S3 storage bucket was left open and unsecured, meaning anyone with an internet connection could have accessed and viewed the data.
This breach highlights the critical importance of employing robust practices of credential management, user authentication and validation. An unprotected point of entry on a key piece of equipment like a storage server can lead to a breach with a cascading effect on data security. The detailed personal information contained exposes users to targeted phishing attacks and fraud.
The Target: Adafruit Industries is an open-source hardware company who designs, manufactures, and sells electronic products, components tools and accessories.
The Take: Exposure of Personally Identifiable Information including: names, email addresses, shipping/billing addresses, order details, and PayPal payment status.
The Vector: The information was exposed through a publicly accessible GitHub repository belonging to an ex-employee, meaning anyone with an internet connection could access and view the data.
This breach highlights the importantance of data management and confidentiality. Knowing where and how an employee stores company data, and if it’s secure or not, are key principles of maintaining a robust cybersecurity posture. Firms should consider every method to catalogue and track where their data lives to ensure access is tightly controlled, a practice paramount to a secure data environment.
The Target: Mon Health, a healthcare services provider.
The Take: Exposure of Personally Identifiable Information including: names, addresses, birth dates, social security numbers, medical record numbers, treatment data, and insurance claim numbers.
The Vector: The firm suffered a BEC (business email compromise), in which the attacker impersonated a high-level member of the company to request payment, or in this case, get access to sensitive data.
This breach highlights the importance of regular IT threat awareness training to employ a measured approach to all requests for access or payment, no matter what the source. BEC attacks exploit employee’s willingness to get things done fast, and by using a robust cyber security posture, these attacks can be greatly mitigated.
The Target: International Committee of the Red Cross
The Take: Exposure of 515,000 records of personal data and backdoor access to the firm’s IT systems.
The Vector: The threat actors used a known software vulnerability in a third-party platform named Zoho that ICRC was employing to execute their malicious code remotely. As Zoho had not patched the vulnerability, the attackers took advantage and penetrated the system, letting them pivot to ICRC’s data.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-part systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: The Internet Society or ISOC, a non-profit organization whose mission is to keep the internet open source and secure.
The Take: Exposure of Personally Identifiable Information of 80,000 records including: full names, email addresses, physical mailing addresses, and login information.
The Vector: A third-party vendor misconfigured a database server, leaving it open and accessible by anyone with an internet connection.
It is important to employ all-encompassing credential management, user authentication and validation, as much possible, on third-party vendors which have access to a firm’s data. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data exposure.
The Target: Wormhole, a cryptocurrency online trading platform.
The Take: $322 million ETH currency.
The Vector: A website vulnerability allowed the attacker to fool the exchange software to release far greater number of the ETH currency than was specified through a temporary token. By altering the conversion, the hacker was able to withdraw far more than the number the entered.
This breach highlights the importance of locking input forms in a firm’s website, be it a name field, email field, or account field, anywhere the user is sending information to the database is a prime target for threat actors. Regular testing for software vulnerabilities is a key component of upholding robust cybersecurity posture.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Abu Dhabi
Floor No.15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy