(In) Secure Digest: Cyberattack on Dell, Fortinet Cloud Leak, Blackmailing Employee

A roundup of high-profile IS incidents that occurred or came to light last month is here. During September, we witnessed attacks on IS vendors and the leaking of data on millions of Americans.

Engineer in reverse

What happened: an employee locked down his employer's servers and demanded a ransom.

How it happened: on 25 November 2023, employees of an unnamed US company received an email with the headline ‘Your Network Has Been Penetrated’. The email claimed that all IT administrators had lost access to their accounts and server backups had been destroyed.

The email contained a threat as well. The unknown malicious actor promised to shut down 40 random company servers every day for 10 days unless 20 bitcoins (~$750,000 then) were paid to him.

The investigation, which was coordinated by the FBI, revealed that the attacker was 57-year-old Daniel Rhyne. He worked for the same unnamed company as an engineer.

Using his knowledge of the company and its systems, he locked down 254 corporate Windows servers. Neither admins nor users could log in, as accounts had either been deleted or had their passwords changed. There was no access to the backups either: Rhyne had deleted them.

The intruder was identified through his search history. The FBI found that Rhyne had used a hidden virtual machine and a personal laptop to look up how to wipe accounts, clear event logs, and change passwords for domain users from the command line.

As a result, Rhyne faces multiple charges that, when combined, could result in 35 years in prison, as well as a $750,000 fine. 

Forte? Net

What happened: IS vendor Fortinet fell victim to a cyberattack.

How it happened: on 12 September, an unknown person claimed to have hacked Fortinet. In a post on a shadow forum, the malicious actor reported obtaining 440 GB of data from the company's SharePoint server. The hacker also left credentials to log into the object storage where all the stolen data was allegedly located, and said he had tried to extort Fortinet but was rebuffed.

On the same day, the IS giant’s representatives confirmed the data leak, reporting that ‘an individual gained unauthorized access to a small amount of customer data that was stored on an instance of third-party cloud file storage’.

Fortinet also said in a press release posted on its website that the incident affected less than 0.3% of its customer base and that it has not resulted in any malicious activity targeting customers.

Don't value what they got for free

What happened: the data of 100 million Americans was leaked into the public domain.

How it happened: MC2 Data is a background check company. It collects and compiles information about people from publicly available sources to build a profile of each person. A profile contains information about criminal records, places of employment, relatives, etc. Such profiles are used by landlords and security officers to decide whether it is safe to do business with a person.

A recent investigation revealed that MC2 Data's 2.2TB database with over 106 million records was publicly available on the internet and wasn’t password protected. Experts estimate that the leak affected the data of 100 million Americans. It contained a wide range of information, from full names and email addresses to legal documents and real estate records. The database was discovered on 7 August, and it is not known how long it had been publicly accessible.

At the moment, access to the database is closed, and there is no official information from the company available yet, but presumably such an incident could occur due to human error and incorrect system configuration.

BingX has been hit

What happened: cryptocurrency exchange BingX lost $44 million as a result of a cyberattack.

How it happened: on 9 September, blockchain security specialists noticed suspicious activity: millions of dollars were being withdrawn from the BingX exchange. As it turned out later, it was a cyberattack, which the owners of the exchange tried to hide. They wrote on social media about a temporary shutdown due to ‘wallet maintenance’, but later acknowledged ‘abnormal network access, potentially indicating a hacker attack on the BingX hot wallet’.

In response to the attack, the company began transferring assets and suspended withdrawals, and stated that ‘there has been a minor loss of assets, but the amount is small and is currently being calculated.’ However, several companies, including SlowMist, which was hired by the exchange for an audit, found that the amount stolen was clearly more serious than ‘small’ and ranged from $44 million to $48 million.

The exchange subsequently brought in cryptocurrency security specialists to track the movements of the stolen currency. It is also noteworthy that BingX offered the hacker a deal: transfer all the stolen funds back, and BingX would stop pursuing them and, as a thank you, offer 10% of the stolen assets.

Trouble comes alone?

What happened: A hacker gained access to sensitive Dell data.

How it happened: On 19, 22 and 25 September, the same hacker published three posts containing Dell data to a shadow forum. The hacker initially claimed that the data was compiled from different hacks, but later admitted that there was only one hack and he was strategically leaking the data piecemeal.

The first post included data from nearly 11,000 employees: full names, work statuses, IDs. 

The second contained 3.5GB of various uncompressed data: Jira data tables, migration patterns, system configuration information, user credentials, information about software vulnerabilities, development issues, etc. 

The last post contained almost 500 MB of images, PDFs, videos, project documents, MFA data, etc.

After the first incident, Dell representatives said the company was aware of the problem and had launched an investigation. However, there was no comment when asked about the subsequent leaks.

IS tip of the month: The autumn business season is in full swing, which means it’s time to stock up on tea and lemon and get on with the hard work of investigating incidents, and drawing up and agreeing budgets for the coming year.

To avoid the hassle of ensuring your organization’s comprehensive information security within a tight budget and lack of staff, we recommend Managed Security Services. The MSS model enables organizations to ensure protection without the cost of labor or the need to purchase protection software & hardware — all within a subscription. You can try it free for 30 days.

SearchInform is a 100% private company that develops risk management products being one of the industry leaders. More than 4,000 companies across 20+ countries are SearchInform clients. The development team has been creating search technologies for unstructured data since 1995 and started developing information security solutions in 2004. Today, the team has products and services for comprehensive protection against insider threats at all levels of corporate information systems.