Hacker claims to have breached Night Lion security firms in act of revenge and stolen more than 8,200 databases.
https://twitter.com/AcademiicArista/status/1282601548124549120
Hacker claims to have breached Night Lion security firms in act of revenge and stolen more than 8,200 databases.
https://twitter.com/AcademiicArista/status/1282601548124549120
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
This is one of those cruel ironies of the cyber world. Anywhere where large datasets are gathered are prime targets for exploitation. In this case, hackers can monetise personal data contained in a database and the bigger the better. Organisations should ensure they are only storing the data they need and have effective controls in place to prevent compromise including the most common issues with outdated applications and operating systems. We would expect this from a cyber security firm but breaches can happen through a single user error. Additionally, segmentation and isolation should be in place wherever possible rather than creating a single data lake, and more modern approaches such as resource-based authorisation should be adopted.
Cybercriminals are increasingly targeting MSPs and trusted third-parties including cybersecurity companies as recently highlighted by the US Secret Service. Modern cyber gangs prefer the indirect approach to frontal attacks given that it is usually faster, easier and much less risky.
This specific case, however, seems to be a personal revenge incident primarily directed to damage reputation of the allegedly breached cybersecurity firm. The statements made by the intruders should be thoroughly investigated and assessed prior to making any conclusions. Given the details of the incident, a criminal investigation may have a considerable degree of success to uncover the chain of events and identify the attackers.
Interestingly, such an incident, based on the reported facts, will unlikely be covered by the majority of cyber insurance policies so vigorously demanded by a growing number of businesses considering them as a panacea from hackers.
Cyber-attacks motivated by revenge are some of the most difficult to mitigate. Financial motivators look relatively similar and use more common attack vectors, such as phishing emails, due to a lack of internal knowledge. If threat actors cannot gain entry, they tend to move on to the next victim quite quickly. Much like with burglar alarms on houses, burglars will see the deterrent and move on to the next one.
However, revenge attacks will usually use a constant barrage of attacks and often won’t stop until the damage has been done. Similar to the burglar alarm analogy, someone who really wants to break in to a specific house won’t let an alarm get in the way.
We have to admit that all companies are at risk of attack, so it is important to intelligently ascertaining that risk level. Most companies get by with a certain level of risk, which helps mitigate a standard level of attack. Increased awareness and continual security patching can help to reduce revenge attacks, but more often than not they will not let anything get in their way – acting like a tsunami as it continues until all security holes have been chanced and entry has been gained.