Cybersecurity expert Josh Mayfield from FireMon commented this morning on news of a credit breach in India, in which 48,000 individuals’ personal and sensitive data was exposed to hackers. Personal and financial data of thousands of Indian citizens was found to have been freely exposed on the Web by credit services firm Creditseva, according to security researchers who first spotted the data breach. Around 48,000 Indian citizens’ critically sensitive data, including drivers’ license, home addresses, credit reports, as well as pictures were left exposed by the Hyderabad-based fintech startup, in an insecure Amazon Web Service server. The breach comes on the heels of Jio’s massive data breach that saw nearly 1 million users’ data leaked, now considered to be one of the largest data breaches in India’s history. Josh Mayfied, platform specialist at FireMon commented below.
Josh Mayfied, Platform Specialist at FireMon:
“What happened to Crediseva is yet another instance of an unforeseen, unknown threat leading to a catastrophic breach. Not only is Creditseva’s reputation (and corporate viability) at stake, but 48,000 regular people will be anxiously monitoring their personal information against identity fraud – for years to come. Thieves will often auction illegally obtained personal information on the Dark Web. And buyers could do anything with this information, including a hold strategy to use when the timing is most advantageous.
What can companies do? First, let’s see how the breach was first discovered. Krometech, who specializes in hunting for threats, was the first to notify Creditseva of the breach. Krometech was “hunting” — threat hunting is the iterative process of searching through network and security data to discover threats that evade traditional defenses. Now, Krometech’s hunt was more akin to discovering there is a moon in the night sky, but the principle is universal: Threat hunting is the surest way to find threats in an ever-evolving world. But to begin threat hunting, organisations must adopt a new paradigm: the assumption of compromise.
It does not require super-elite cybersecurity specialist, only an open mind and frictionless access to data for discovering threats.
Second, let us look at ways to secure cloud infrastructure. Often, cloud environments come with security settings that are elementary and easily changed (e.g. pubic/private).
In the case of Creditseva’s AWS S3 (Simple Storage Service), settings allowed public access, leaving it open to anyone accessing Creditseva’s customer data. To get a sense of how open this “public” setting is…anyone can, almost, effortlessly go to Creditseva’s AWS S3 bucket from a personal browser – like hitting your favorite news site or cooking blog.
Organizations can offset these risks by implementing a Cloud Infrastructure Security Broker (CISB) thereby giving themselves a governance layer and policy mechanism for operating their cloud assets.
When cloud infrastructure is deployed, it is often to satisfy a pressing concern (e.g application development, on-demand storage, etc). Having a CISB gives organizations security policy that will govern current and future cloud systems, without needing to manipulate each new instance. This gives companies security that conforms to policy, regulations, and governance with the agility necessary to satisfy the business demand.
Why are banks being targeted? Willie Sutton, infamous U.S. bank robber was once asked, “Why do you rob banks?” His response: “Because that’s where the money is.” Though this may seem banal and obvious, it gets right to the point. Banks not only have trillions in standard currency, but oceans of personal information. Financial markets are like oxygen. Their adequate provision is required for the whole system to work. This leads billions of people and millions of companies use financial services (banks) – that’s a stupefying amount of personal information.
If you are a cybercriminal, you dramatically increase your return on investment when you target organisations with the deepest cistern of personal data. The attack may be unsuccessful, but the payoff is so alluring that attackers will continue to put financial services at the top of any list.”