In addition to the news of the sale online of 34 million users’ records from 17 companies, an attack on gold seller JM Bullion has been reported via a notice from the company. Here is a perspective from cybersecurity experts on both of these incidents.
More information:
Lazada RedMart Statement: https://pages.
JM Bullion notice Reddit: https://www.reddit.
In today\’s ransomware climate it\’s still alarming to hear when companies fail to disclose recent breaches, especially considering the backlash typically received when end users find an organization has not been forthcoming. However, I\’m not necessarily sure these are cases of willful ignorance on the part of the victims. Considering the recent trend of long dwell times for ransomware, it seems more likely that most of these organizations simply didn\’t know they were breached – which is actually a scarier reality.
Organizations need to have tools in place to defend themselves from breaches, however this may be an insurmountable task for some given available IT and financial resources, the potential for user error, and determination of the attackers who want to get in. Assuming any organization can be breached at any time, it\’s important to also have software tools in place to detect ransomware that\’s already in the network, lockdown paths to admin rights, and reduce overall attack surfaces to thwart the ransomware\’s path through the network. Just because you\’ve been breached doesn\’t mean the attackers have already won. If they can\’t gain access to an account with rights to sensitive information or admin privileges, then they\’ll be stopped dead in their tracks in many cases.
The sale of 34 million stolen user records shows the kinds of business model cybercrime has evolved into. Individual attackers of APT groups steal information from their victims than either sell it themselves or pass it on to a broker who sells it for them. The simple fact that data brokers like this exist shows the extent of the problem. The law enforcement community is responsible for pursuing and prosecuting the attackers, while it is up to users to practice good account hygiene with carefully chosen passwords for each site, and multifactor authentication, and for companies to do what they can to protect their assets from attack. That includes adequate policies, and an up to date security stack, including behavioral analytics, to quickly identify a breach, and reduce the risk of one happening in the first place.