Connect with us

Security

Failed blackmail attempt prompts hackers to leak ocean of data belonging to major companies

Published

on

The most hacked passwords: Is yours one of them?
Your name, your favorite football team and your favourite band: The UK’s National Cyber Security Centre has released a list of the 100,000 most common passwords to appear in data breaches. Read more: https://zd.net/2UYNnKP

A hacking group has published a trove of data belonging to Citycomp which appears to have exposed the data of customers, some of which are extremely well-known enterprise companies across the globe.

Citycomp is a German IT company which provides the IT backbone and infrastructure required by enterprise companies. Citycomp says it maintains over 70,000 services and storage systems, as well as providing support and maintenance services for peripherals including cash register systems and printers.

In a statement issued this week, the company said it was the victim of a “targeted” cyberattack in early April this year.

While the company said it was able to “successfully fend off” the “hacker attack” with the help of external cybersecurity experts and the State Criminal Police Office of Baden-Württemberg, it was not entirely successful — as customer data had already been stolen.

The threat actors identities are unknown. However, it appears the attack was simply about the money, as the hackers tried to force Citycomp to pay a blackmail fee on the threat of the data entering the public domain.

Citycomp did not comply and so customer data has been released.

TechRepublic: Why third-party providers pose a security risk to organizations

“Since Citycomp does not comply with blackmail the publication of customer data could not be prevented,” the IT provider says. “The stolen data has now been published by the perpetrators and Citycomp’s customers were informed about it.”

The leaked data has been posted to a .onion domain, which is not accessible in the “public” clear Internet. These domains can only be accessed through the Tor network.

On the website, the threat actor claims that “312,570 files in 51,025 folders and over 516GB of data” was stolen, including “financial and private information on all clients, include VAG, Ericsson, Leica, MAN, Toshiba, UniCredit, and British Telecom (BT).”

See also: DJI employee who leaked source code sent behind bars

Other Citycomp clients named in the data dump include ATOS, Grohe, Hugo Boss, Oracle, SAP, and Porsche, among others.

In the data dump, which was viewed by ZDNet, customer email addresses and telephone numbers, meetings reports, asset lists — such as servers and other equipment connected to a customer account — as well as some payroll records, project sheets, and accountancy statements were all available. 

Some clients were only connected to a handful of leaked documents, whereas other customer records were far more robust and extensive. The authenticity of the leaked data has not been verified at the time of writing.

The ProtonMail email address posted with the information leak is connected to a form of ransomware which encrypts files using the .snatch extension. The ransomware strain in question was discovered in December 2018.

CNET: Cybercriminals ramping up fraud attacks on social media, says report

The — or one — of the alleged hackers behind the campaign spoke to the Register, telling the publication that the data currently available online is only a sample of the whole and was published as Citycomp did not pay a $5,000 ransom demand.

ZDNet has reached out to clients which appear to have been involved in the breach, including BT, Oracle, Ericsson, Hugo Boss, and SAP. At the time of writing, none of the companies have responded to requests for comment. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

GigaOm Radar for Unified Endpoint Management (UEM)

Published

on

Endpoint management is one of the most significant challenges enterprises face today. The modern workforce is becoming more distributed and demanding the flexibility to work where they want, when they want. Business leaders must respond to this demand and provide access to the services employees require, while also maintaining security and control of the business’s data assets.

To address these issues, organizations need an appropriate endpoint management strategy. The modern approach should be holistic and unified, bringing together control of devices, management of applications, security of data, and user access controls. Failing to deliver an effective endpoint strategy can have significant business impact, negatively affecting efficiency and competitiveness. Now, more than ever, the inability to offer a positive and flexible end user experience can make a business less attractive to potential employees.

The management of endpoint devices is not a new challenge; however, the way we operate has changed. This is reflected clearly in how market-leading vendors have shifted their approach, moving from “point solutions” to developing unified endpoint management (UEM) solutions. UEM solutions provide a single platform to manage a wide variety of endpoints, from desktops and laptops to cloud repositories. They offer granular control policies from configuration and applications to security based on geography, and from complete device restrictions to nuanced data controls.

This GigaOM radar report evaluates the leading UEM vendors that can underpin your endpoint management strategy. We look at tools that effectively meet the demands of the modern enterprise by providing robust management, security, and control. This report aims to give enterprise decision makers an overview of how these offerings can help address the complex challenge of endpoint management.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.

The post GigaOm Radar for Unified Endpoint Management (UEM) appeared first on Gigaom.

Continue Reading

Security

Key Criteria for Evaluating Deception Technology

Published

on

Attacker techniques and behaviors are constantly improving and evolving. As cyber security defenses zig, attackers zag. This dynamic creates a changed environment—what worked in the past to detect malicious actions most likely won’t work today or in the future. Deception technology (DT) tackles this quandary head on and provides defenders the ability to set traps for attackers and to gather valuable information for making better decisions.

Historically, DT would be executed in the form of either a honeypot or a sandbox. A honeypot is a trap set by defenders to emulate a real device in the network, while a sandbox is a virtual environment meant to deceive malware and allow analysis of the malware post-exploitation without endangering the organization.

Today, DT is described in much broader terms. Legacy DT solutions that attempt to emulate typical on-premises infrastructure like Linux and Windows hosts are ill fitting for modern organizations that have no perimeter or physical data centers. Components like cloud, SDN, remote workers, and the need for forensic analysis of attacker techniques have driven the evolution of DT to include features like mapping to the MITRE ATT&CK or SHIELD frameworks, low-code/no-code customization, and leveraging bait or lures for agentless deception.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.

The post Key Criteria for Evaluating Deception Technology appeared first on Gigaom.

Continue Reading

Security

Key Criteria for Evaluating Developer Security Tools

Published

on

Software needs to be written, built, and deployed with security in mind. This is true for both the application being created and the activities involved in its creation. In an ideal world, developers would be security engineers also and would build appropriate risk-mitigation features into their software applications, as well as follow appropriate procedures and apply policies to mitigate potential risk. The reality for many organizations, however, is that the urgency for software updates or new software often outweighs the ability to apply appropriate security at every step throughout the development and operation of a software product’s lifecycle.

Expanding the DevOps movement by considering security alongside every development or operational step in an application’s lifecycle, DevSecOps has become as popular a term as DevOps itself. Unfortunately, just as with DevOps, DevSecOps is not a single product or SKU that an organization can procure. There is no “one-size-fits-all” approach. The term itself may be defined differently to take into account the specific needs of an organization or department and touches all people, processes, and tooling across a software development workflow.

One key approach, often the one most associated with the term “DevSecOps,” is the focus on development security tools with a “shift-left” mindset; that is, tools that consider security as early as possible in the software development lifecycle. This mindset involves rapid security education, insights, and direct feedback to developers and engineers early in the development process. We describe this in more detail later.

This Key Criteria report examines the capabilities and trends that decision makers should look for when adopting that shift-left mindset to increase application security and release velocity, while reducing cost and risk.

The report also considers how to evaluate vendors’ capabilities to provide security-related insights, automation, and compliance closer to the developer—earlier in the development workflow—addressing ways to reduce risk while writing code, storing code, and deploying it across process and pipeline. Among our findings:

  • Development security tooling reduces risk and increases developer velocity by applying and enforcing “shift-left” security practices.
  • Developer security tooling automation can close the gap between security engineers and developers without sacrificing development speed.
  • Developer security tooling integrates with existing development and operational tools to increase the visibility of security-related events across development, operations, and security teams.
  • Developer security tooling delivers value by building on software and architecture (cloud and on-prem) vulnerability scanning, application and infrastructure hardening, and other well-established areas of IT security.

Developer security tools and a “shift-left” mindset are key building blocks for helping enterprises reduce the security risks associated with building and deploying applications. In addition to establishing security as a first-class citizen across the development workflow, this approach offers more traditional enterprises with long-established software development practices a connection point to leading-edge best practices, enabling them to develop and deliver software both quickly and in compliance with organizational policies.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.

The post Key Criteria for Evaluating Developer Security Tools appeared first on Gigaom.

Continue Reading

Trending