
Hackers steal data through ‘easy back door’ in massive Deloitte breach

27 Sep 2017

In just the last few weeks, three major breaches have gone public: Equifax, the Securities and Exchange Commission (SEC) and now Deloitte.

Deloitte is one of the largest private firms in the US, and the attack compromised the confidential emails and plans of some of its blue-chip clients. Perhaps worst of all, the intrusion went unnoticed for months, with the hackers sitting inside the network and stealing data as it arrived.

The hackers gained access via an administrator account, which in principle gave them complete and unrestricted access to all of the firm's data.

According to sources, the account was not protected by two-step verification: a single password was enough to give the hackers access to emails, usernames, passwords, IP addresses, business architecture diagrams and health information.

Last year the company reported record revenue of US$37 billion, providing auditing, tax consultancy and, ironically, high-end cybersecurity advice to some of the world's biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.

This run of recent data breaches makes clear that the challenges of commercial and government cybersecurity continue to converge.

However, a number of cybersecurity experts say all of these incidents were preventable had the affected organisations applied proper security practices and monitored user behaviour and data access for deviations from normal activity.

“Three major breaches. Three unique challenges. One important lesson learned. The industry must quickly focus on the crossroads between people, process and technology to adequately address these unyielding security threats,” says CTO of Data Protection and Insider Threat Security at Forcepoint, Brandon Swafford.

“The news of Deloitte's breach, reportedly resulting from a lack of multi-factor authentication that led to access of sensitive data in the cloud, highlights that a focus on any one security risk point is not adequate.”

Chris Ross, SVP International at Barracuda, says this is another case of very basic security practices not being followed.

“If the attacker in the Deloitte case got into their global email server through an administrator’s account, then this is a classic case of account compromise,” says Ross.

“Judging by the lack of multi-factor authentication, it’s very likely that the brute-force attack took place via web access to the email server - potentially by successfully guessing the password.”

Ross says that, aside from a very strong password, two-factor authentication has become an industry standard, particularly for admin accounts, which have even more access to sensitive data.
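The scenario Ross describes, a password-only admin account being guessed through the webmail login, leaves a recognisable trail in the mail server's authentication log: a burst of failures against one account from one address, then a success. The following added example (not code from this article, nor from Deloitte, Barracuda or Forcepoint) shows the detection logic a security operations team would run over such a log to catch that pattern, and also a password spray, where one address tries a few guesses against many accounts so that no single account trips a per-account threshold. The log format, account names, IP addresses, admin list and thresholds are all constructed assumptions for illustration.

```python
"""Added example: spotting password guessing against a webmail login in its
auth log.  Log format, account names and addresses are constructed for
illustration; nothing here is Deloitte's data or tooling."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import NamedTuple

# Hypothetical log format; adapt LINE_RE to your mail server's real auth log.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) owa auth user=(?P<user>\S+) ip=(?P<ip>\S+) "
    r"result=(?P<result>SUCCESS|FAIL)$"
)


class Alert(NamedTuple):
    kind: str         # brute_force | success_after_brute_force | password_spray
    user: str         # "*" for a spray, which targets many users at once
    ip: str
    ts: datetime
    privileged: bool  # True when an account on the admin list is involved


def parse_line(line: str):
    """Return a dict for a well-formed line, or None.  Lines must be in time order."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect(lines, threshold=5, spray_threshold=5,
           window=timedelta(minutes=10), admins=frozenset()):
    """Sliding-window detection of three patterns.

    1. brute_force: `threshold` failures for one (user, ip) inside `window`.
    2. success_after_brute_force: a success right after such a burst, i.e.
       the password was guessed (the compromise the article describes).
    3. password_spray: one ip failing against `spray_threshold` distinct
       users inside `window`, each too few times to trip rule 1.
    """
    fails = defaultdict(deque)    # (user, ip) -> timestamps of recent failures
    sprayed = defaultdict(dict)   # ip -> {user: timestamp of last failure}
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        user, ip, ts = ev["user"], ev["ip"], ev["ts"]
        q = fails[(user, ip)]
        while q and ts - q[0] > window:   # expire failures outside the window
            q.popleft()
        if ev["result"] == "FAIL":
            q.append(ts)
            if len(q) == threshold:       # fire once, when the burst crosses the line
                alerts.append(Alert("brute_force", user, ip, ts, user in admins))
            seen = sprayed[ip]
            for u in [u for u, t in seen.items() if ts - t > window]:
                del seen[u]
            seen[user] = ts
            if len(seen) == spray_threshold:
                alerts.append(Alert("password_spray", "*", ip, ts,
                                    any(u in admins for u in seen)))
        else:
            if len(q) >= threshold:       # many failures, then a success: guessed
                alerts.append(Alert("success_after_brute_force", user, ip, ts,
                                    user in admins))
            q.clear()
    return alerts


# Constructed sample: one user mistyping once, a guessed admin password,
# and a low-and-slow spray across five accounts from a single address.
SAMPLE_LOG = """\
2017-09-02T03:10:00Z owa auth user=jsmith ip=192.0.2.15 result=FAIL
2017-09-02T03:10:09Z owa auth user=jsmith ip=192.0.2.15 result=SUCCESS
2017-09-02T03:12:00Z owa auth user=exch-admin ip=203.0.113.7 result=FAIL
2017-09-02T03:12:02Z owa auth user=exch-admin ip=203.0.113.7 result=FAIL
2017-09-02T03:12:04Z owa auth user=exch-admin ip=203.0.113.7 result=FAIL
2017-09-02T03:12:06Z owa auth user=exch-admin ip=203.0.113.7 result=FAIL
2017-09-02T03:12:08Z owa auth user=exch-admin ip=203.0.113.7 result=FAIL
2017-09-02T03:12:10Z owa auth user=exch-admin ip=203.0.113.7 result=FAIL
2017-09-02T03:12:12Z owa auth user=exch-admin ip=203.0.113.7 result=SUCCESS
2017-09-02T04:00:00Z owa auth user=amiller ip=198.51.100.9 result=FAIL
2017-09-02T04:00:30Z owa auth user=bchen ip=198.51.100.9 result=FAIL
2017-09-02T04:01:00Z owa auth user=cdavis ip=198.51.100.9 result=FAIL
2017-09-02T04:01:30Z owa auth user=dkumar ip=198.51.100.9 result=FAIL
2017-09-02T04:02:00Z owa auth user=epatel ip=198.51.100.9 result=FAIL
"""

ADMINS = frozenset({"exch-admin"})   # hypothetical list of privileged accounts


def run_sample():
    return detect(SAMPLE_LOG.splitlines(), admins=ADMINS)


if __name__ == "__main__":
    for a in run_sample():
        flag = "PRIVILEGED " if a.privileged else ""
        print(f"{a.ts:%H:%M:%S} {flag}{a.kind} user={a.user} ip={a.ip}")
```

On the sample the script raises three alerts: the burst against the admin account, the success that follows it, and the spray from the second address. The single mistyped password produces nothing. Two caveats a practitioner would apply: the per-account rule fires only when the failure count first reaches the threshold, so a sustained attack shows up as one alert per window rather than a flood, and none of this replaces multi-factor authentication, which stops a guessed password from being sufficient in the first place.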

“This attack also highlights the need for measures such as email encryption when exchanging confidential data,” says Ross.

“Cyber attackers may be developing ever more sophisticated and well-researched tactics, but not following basic security advice like this is in effect giving criminals a very successful and easy ‘back door’ into your organisation.”
