Hackers infiltrated Collabera, siphoned off at least some employees’ personal information, and infected the US-based IT consultancy giant’s systems with ransomware.

Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts' comments, analysis and opinion on the latest information security news and topics.
This incident would be just another drop in the borderless ocean of fairly trivial data breaches during 2020, BUT the business of the allegedly breached company makes the incident particularly dangerous for would-be victims, who are mostly Collabera clients.
Sophisticated spear-phishing campaigns and well-thought-out BEC (business email compromise) campaigns are becoming both proficient and widespread these days. Given that many organizations blindly trust their IT employees – including those who no longer work for them, but have failed to properly inform their colleagues about their departure – identity theft may be particularly fruitful under the circumstances.
Even a well-trained employee is highly susceptible to unwittingly or thoughtlessly sharing confidential data if the request comes from someone previously employed in the cybersecurity or IT team. The current pandemic bolsters the risks given that many organizations and enterprises are still tremendously disrupted by work-from-home set-ups.
Unless further technical details about the incident are released by Collabera, it would, however, be premature to draw any conclusions about the origins and potential causes of the incident. One thing is clear, though: Collabera clients and their employees should be particularly vigilant about incoming emails, messages, and even phone calls during the next few months.