US-based FlexBooker's incident report claims a massive DDoS attack on AWS allowed the theft of data from over 3 million user accounts. The report shows the attack began on Dec. 23rd and was resolved the next day with the help of AWS technical services. On his HaveIBeenPwned.com site, security researcher Troy Hunt claims to have received the files and said they contained data from 3.7 million accounts. He said “the data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. The data was found being actively traded on a popular hacking forum.”
FlexBooker provides appointment scheduling services for any small business that needs to schedule appointments, such as accountants, doctors, lawyers, hair salons, dentists, therapists, mechanics, etc. According to BleepingComputer, the data has been seen being traded on hacker forums by a group calling themselves Uawrongteam. The outlet wrote that “The same intruders are offering databases claiming to be from two other entities: racing media organization Racing.com and Redbourne Group’s rediCASE case management software, both from Australia.”
I am not familiar with the particulars of this attack, but I have seen where DDoS attacks are sometimes launched as a distraction (disrupt vital business services), while the adversary’s primary goal is to gain access and exfiltrate sensitive information. We know that there are financial losses associated with system outages, hence, why security teams have all eyes on glass, so to speak, when there is a DDoS attack. And when this happens, it is important to be prepared for the possibility of a multifaceted attack and be very diligent with monitoring other anomalies happening on the network.