Breach Trends & Insights – February 2021

This report summarises the top breaches between mid-January and 24 February 2021.

The report will help you keep track of the latest hacks and draws insights from the trends to help you safeguard your organization.

Most common data breach trends identified:

  1. Exposed Databases
  2. Ransomware Attacks
  3. Social Engineering Attacks

Cyber intrusions and attacks have increased dramatically over the last decade, exposing sensitive, personal, and business information and disrupting critical operations. Ransomware attacks and data breaches have risen further during this period because of the remote working environment. These attacks and breaches are a warning to organizations to continuously monitor their digital attack surface, and they show the need for continuous red teaming and penetration testing to identify the attack paths that hackers can leverage.

American Cable and Internet Giant Comcast Exposed Development Database Online

Comcast provides residential and commercial services in 40 states and is the largest cable TV company and largest home Internet service provider in the USA.

The WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained over 1.5 billion records. There were references to Comcast throughout the database including multiple subdomains, URLs, and internal IP addresses. The publicly visible records included dashboard permissions, logging, client IPs, @comcast email addresses, and hashed passwords.

Exposed Database Contained

  • The total size of the database was 477.95 GB and it contained 1.5 billion records
  • There were a large number of remote and internal IP addresses, node names, and other details that could provide a blueprint for internal functionality, logging, and overall structure of the network.
  • The server exposed email addresses and hashed passwords of Comcast’s Development team.
  • IP addresses, Ports, Pathways, and storage information that cybercriminals could potentially exploit to access deeper into the network.

Cause: non-password protected database that contained over 1.5 billion records

Impact: 1.5 billion records were exposed

Source: websiteplanet.com

Cybersecurity Firm Stormshield Hacked. Data (Including Source Code) Stolen

French cybersecurity firm Stormshield has revealed that it has suffered a security breach, and hackers have accessed sensitive information. A hacker managed to steal data after gaining access to a portal used by customers and partners, potentially accessing support tickets and communications with staff.

Stormshield also discovered that some of the source code for the Stormshield Network Security (SNS) firewall was stolen. This raises the spectre of a malicious attacker either uncovering security holes in the firewall that might be exploited in later attacks, or creating malicious updates.

As a precautionary measure, the French cybersecurity agency ANSSI says it has put Stormshield’s products “under observation” while the breach continues to be investigated.

Cause: Gaining access to a portal used by customers and partners

Impact: some of the source code for the Stormshield Network Security (SNS) firewall was stolen

Source: grahamcluley.com

Kia Motors America Suffers Ransomware Attack, $20 Million Ransom

Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, which demanded $20 million for a decryptor and for not leaking the stolen data.

It was reported that Kia Motors America was suffering a nationwide IT outage that affected its mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites used by dealerships.

The Tor victim page says that a “huge amount” of data was stolen, or exfiltrated, from Kia Motors America.

Cause: Ransomware Attack

Impact: Nationwide IT outage affecting their mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites used by dealerships.

Source: bleepingcomputer.com

Sequoia Capital Suffers Data Breach

Sequoia Capital last week warned investors that some of their personal and sensitive information may have been exposed in a recent data breach of the firm.

According to reports, Sequoia said the data may have been accessed by a third party in the breach, which occurred as a result of a successful phishing attack on an employee via email.

As part of the notification, Sequoia also told investors it is looking for indications that stolen information is currently for sale or traded on the Dark Web.

Cause: Sequoia employee’s email was successfully phished

Impact: Investors’ personal and sensitive information may have been exposed

Source: Dark Reading

Exposed Azure Bucket Leaked Passports, IDs Of Volleyball Reporters

A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. These sensitive documents were hosted on a Microsoft Azure blob storage share that was publicly accessible to anyone.

The exposed storage share URL contained thousands of headshot images of volleyball players from Europe, Russia, and other countries in both the ‘backup’ directory and an ‘AccreditationPhotos’ subfolder.

Cause: Microsoft Azure blob storage share was publicly accessible

Impact: Images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world were exposed

Source: bleepingcomputer.com

Singapore's Singtel Says Personal Information Of 1,29,000 Users Stolen In Data Breach

Personal information of about 1,29,000 customers of Singapore’s leading telecom company Singtel has been stolen after a recent data breach of a third-party file-sharing system, the company said. The stolen personal information includes the customers’ National Registration Identity Card numbers and a combination of names, dates of birth, mobile numbers and addresses, the group said.

Cause: Data breach of a third-party file-sharing system

Impact: 

  • Personal information of 1,29,000 users, including identity card numbers and a combination of names, dates of birth, mobile numbers, and addresses, was stolen
  • Bank account details of 28 former Singtel employees were taken
  • Credit card details of 45 staff members of a corporate customer with Singtel mobile lines were taken.

Source: ciso.economictimes.indiatimes.com

Indian Government Breach: Massive Amount Of Critical Vulnerabilities

Robert Willis reported that he had found sensitive data and was able to breach police assets. Jackson Henry was working on the enumeration process with his friend Zultan Holder [not an active Sakura Samurai member], and identified a slew of attack vectors, immediately resulting in the exposure of many pairs of credentials for databases and other pertinent applications. They continued to work through the list of assets within scope while also going deeper into the research, analysing the sensitive data and identifying additional attack vectors, exposed PII, and even more credentials.

The following critical findings were identified:

  • Exposed Database Credentials
  • Private SSH Keys
  • Sensitive File Exposure
  • Exposed PHPMailer Credentials

Cause: A vulnerability in an application allowed researchers to access sensitive police records containing PII of individuals

Impact: Database credentials & sensitive files were exposed

Source: johnhacking.com