Expert Comments

34 Mil Records Exposed Online; Attack On Gold Bullion Broker

Expert(s): Security Experts
Expert(s): Security Experts

In addition to the news of the sale online of 34 million users’ records from 17 companies, an attack on gold seller JM Bullion has been reported via a notice from the company. Here is a perspective from cybersecurity experts on both of these incidents.

More information:

Lazada RedMart Statement: https://pages.lazada.sg/wow/i/sg/redmart/redmartdatabasesecurityincident?spm=a2o42.lazmart_channel.0.0.70e948a6uUXEgj&wh_weex=true&scm=1003.4.icms-zebra-100435441-4915234.OTHER_6026139920_6465367

JM Bullion notice Reddit: https://www.reddit.com/r/Gold/comments/jluk70/jm_bullion_security_sensitive_data_breach_just/

Experts Comments

Dot Your Expert Comments
Dan Piazza
November 03, 2020
Technical Product Manager
Stealthbits Technologies

Just because you've been breached doesn't mean the attackers have already won.
In today's ransomware climate it's still alarming to hear when companies fail to disclose recent breaches, especially considering the backlash typically received when end users find an organization has not been forthcoming. However, I'm not necessarily sure these are cases of willful ignorance on the part of the victims. Considering the recent trend of long dwell times for ransomware, it seems more likely that most of these organizations simply didn't know they were breached - which is actually .....Read More
In today's ransomware climate it's still alarming to hear when companies fail to disclose recent breaches, especially considering the backlash typically received when end users find an organization has not been forthcoming. However, I'm not necessarily sure these are cases of willful ignorance on the part of the victims. Considering the recent trend of long dwell times for ransomware, it seems more likely that most of these organizations simply didn't know they were breached - which is actually a scarier reality. Organizations need to have tools in place to defend themselves from breaches, however this may be an insurmountable task for some given available IT and financial resources, the potential for user error, and determination of the attackers who want to get in. Assuming any organization can be breached at any time, it's important to also have software tools in place to detect ransomware that's already in the network, lockdown paths to admin rights, and reduce overall attack surfaces to thwart the ransomware's path through the network. Just because you've been breached doesn't mean the attackers have already won. If they can't gain access to an account with rights to sensitive information or admin privileges, then they'll be stopped dead in their tracks in many cases.  Read Less
Saryu Nayyar
November 03, 2020
CEO
Gurucul

The simple fact that data brokers like this exist shows the extent of the problem.
The sale of 34 million stolen user records shows the kinds of business model cybercrime has evolved into. Individual attackers of APT groups steal information from their victims than either sell it themselves or pass it on to a broker who sells it for them. The simple fact that data brokers like this exist shows the extent of the problem. The law enforcement community is responsible for pursuing and prosecuting the attackers, while it is up to users to practice good account hygiene with.....Read More
The sale of 34 million stolen user records shows the kinds of business model cybercrime has evolved into. Individual attackers of APT groups steal information from their victims than either sell it themselves or pass it on to a broker who sells it for them. The simple fact that data brokers like this exist shows the extent of the problem. The law enforcement community is responsible for pursuing and prosecuting the attackers, while it is up to users to practice good account hygiene with carefully chosen passwords for each site, and multifactor authentication, and for companies to do what they can to protect their assets from attack. That includes adequate policies, and an up to date security stack, including behavioral analytics, to quickly identify a breach, and reduce the risk of one happening in the first place.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Experts Reaction On World Economic Forum 2021 Report Cites Cyber...

Major Security Flaws Found In Signal And other Video Chat...

Comment On IoT Risks Of Peloton Bike

70% of UK Finance Industry Hit With Cyber-Attacks In 2020

A Chinese Hacking Group Is Stealing Airline Passenger Details

Expert Commentary: Hacker Posts 1.9 Million Pixlr User Records For...

NSA And Dutch NCSC Warn Outdated TLS Certs

Federal Agency Warns Cloud Attacks Are On The Rise –...

Experts Reaction On New Chrome Update To Boost Password Security

Experts Insight On Latest Flaw Within DNSpooq