
Hackers steal data through ‘easy back door’ in massive Deloitte breach

27 Sep 2017

In just the last few weeks we’ve had three major breaches go public. Equifax. Securities and Exchange Commission (SEC). And now, Deloitte.

The sophisticated hack of Deloitte, one of the largest private firms in the US, compromised the confidential emails and plans of some of its blue-chip clients. Perhaps worst of all, the attack went unnoticed for months, with the hackers inhabiting the network and stealing data as it came.

The hacker gained access to Deloitte’s underbelly via an administrator account, which theoretically would have provided them complete and unrestricted access to all of the data.

According to sources, the account lacked two-step verification and required only a single password to give the hackers access to emails, usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

Last year the company reported a record US$37 billion of revenue, providing auditing, tax consultancy and, ironically, high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.

This torrent of recent data breaches makes clear the challenges of commercial and government cybersecurity are continuing to converge.

However, a number of cybersecurity experts affirm all of these incidents were preventable had the affected organisations applied the proper practices and monitored typical behaviour and data access.

“Three major breaches. Three unique challenges. One important lesson learned. The industry must quickly focus on the crossroads between people, process and technology to adequately address these unyielding security threats,” says CTO of Data Protection and Insider Threat Security at Forcepoint, Brandon Swafford.

“The news of Deloitte's breach, reportedly resulting from a lack of multi-factor authentication that led to access of sensitive data in the cloud, highlights that a focus on any one security risk point is not adequate.”

Chris Ross, SVP International at Barracuda, says this is another case of very basic security practices not being followed.

“If the attacker in the Deloitte case got into their global email server through an administrator’s account, then this is a classic case of account compromise,” says Ross.

“Judging by the lack of multi factor authentication, it’s very likely that the brute force attack took place via web access to the email server - potentially by successfully guessing the password.”

Ross says that, aside from a very strong password, two-factor authentication has become an industry standard, particularly for admin accounts, which have even more access to sensitive data.

“This attack also highlights the need for measures such as email encryption when exchanging confidential data,” says Ross.

“Cyber attackers may be developing ever more sophisticated and well-researched tactics, but not following basic security advice like this is in effect giving criminals a very successful and easy ‘back door’ into your organisation.”
