Expert Comments

Experts On Revenge Hack Steals Thousands Of Databases From Security Firm

Expert(s): Security Experts
Expert(s): Security Experts

Hacker claims to have breached Night Lion security firms in act of revenge and stolen more than 8,200 databases.

Experts Comments

July 13, 2020
Jamie Akhtar
CEO and Co-founder
CyberSmart
This is one of those cruel ironies of the cyber world. Anywhere where large datasets are gathered are prime targets for exploitation. In this case, hackers can monetise personal data contained in a database and the bigger the better. Organisations should ensure they are only storing the data they need and have effective controls in place to prevent compromise including the most common issues with outdated applications and operating systems. We would expect this from a cyber security firm but.....Read More
This is one of those cruel ironies of the cyber world. Anywhere where large datasets are gathered are prime targets for exploitation. In this case, hackers can monetise personal data contained in a database and the bigger the better. Organisations should ensure they are only storing the data they need and have effective controls in place to prevent compromise including the most common issues with outdated applications and operating systems. We would expect this from a cyber security firm but breaches can happen through a single user error. Additionally, segmentation and isolation should be in place wherever possible rather than creating a single data lake, and more modern approaches such as resource-based authorisation should be adopted.  Read Less
July 13, 2020
Ilia Kolochenko
Founder and CEO
ImmuniWeb
Cybercriminals are increasingly targeting MSPs and trusted third-parties including cybersecurity companies as recently highlighted by the US Secret Service. Modern cyber gangs prefer the indirect approach to frontal attacks given that it is usually faster, easier and much less risky. This specific case, however, seems to be a personal revenge incident primarily directed to damage reputation of the allegedly breached cybersecurity firm. The statements made by the intruders should be thoroughly.....Read More
Cybercriminals are increasingly targeting MSPs and trusted third-parties including cybersecurity companies as recently highlighted by the US Secret Service. Modern cyber gangs prefer the indirect approach to frontal attacks given that it is usually faster, easier and much less risky. This specific case, however, seems to be a personal revenge incident primarily directed to damage reputation of the allegedly breached cybersecurity firm. The statements made by the intruders should be thoroughly investigated and assessed prior to making any conclusions. Given the details of the incident, a criminal investigation may have a considerable degree of success to uncover the chain of events and identify the attackers. Interestingly, such an incident, based on the reported facts, will unlikely be covered by the majority of cyber insurance policies so vigorously demanded by a growing number of businesses considering them as a panacea from hackers.  Read Less
July 13, 2020
Jake Moore
Cybersecurity Specialist
ESET
Cyber-attacks motivated by revenge are some of the most difficult to mitigate. Financial motivators look relatively similar and use more common attack vectors, such as phishing emails, due to a lack of internal knowledge. If threat actors cannot gain entry, they tend to move on to the next victim quite quickly. Much like with burglar alarms on houses, burglars will see the deterrent and move on to the next one. However, revenge attacks will usually use a constant barrage of attacks and.....Read More
Cyber-attacks motivated by revenge are some of the most difficult to mitigate. Financial motivators look relatively similar and use more common attack vectors, such as phishing emails, due to a lack of internal knowledge. If threat actors cannot gain entry, they tend to move on to the next victim quite quickly. Much like with burglar alarms on houses, burglars will see the deterrent and move on to the next one. However, revenge attacks will usually use a constant barrage of attacks and often won’t stop until the damage has been done. Similar to the burglar alarm analogy, someone who really wants to break in to a specific house won’t let an alarm get in the way. We have to admit that all companies are at risk of attack, so it is important to intelligently ascertaining that risk level. Most companies get by with a certain level of risk, which helps mitigate a standard level of attack. Increased awareness and continual security patching can help to reduce revenge attacks, but more often than not they will not let anything get in their way – acting like a tsunami as it continues until all security holes have been chanced and entry has been gained.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Expert Comments – Travis CI Flaw Reveals *All* Keys, Credentials,...

Misconfigured APIs Make-Up Two-Thirds of Cloud Breaches

Epik Data Breach- Blue Hexagon Comments

Former US Intel Operatives Fined $1.6M For Hacking For A...

Microsoft Lets Users Go Passwordless, Experts Weigh In

Security Expert Re: New OWASP Top 10 List for Application...

Microsoft Patch Tuesday Expert Commentary

Deloitte Poll: C-suite Expects Ransomware Uptick But Orgs. Aren’t Trained...

What Expert Says On The Latest OMI Vulnerability In Azure

Expert Reacted On High Severity Vulnerability Found In HP’s Popular...

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy