Hackers accessed emails and file sharing systems of some customers of cloud provider PCM Inc.
During a May 2019 intrusion, hackers nicked administrative credentials that the cloud vendor uses for managing customer accounts in Microsoft Office 365 and appeared to want to use stolen information to perpetrate gift card fraud in a scheme that resembled a breach at Indian outsourcer Wipro, according to a report by KrebsOnSecurity.
“From its investigation, impact to its systems was limited and the matter has been remediated,” Krebs quoted PCM as saying in a statement. “The incident did not impact all of PCM customers; in fact, investigation has revealed minimal-to-no impact to PCM customers.”
Any customers “potentially impacted” by the intrusion “have been made aware of the incident and PCM worked with them to address any concerns they had,” the company said.
The hack is particularly troubling to security pros because the attackers were able to get the administrative credentials used within Office 365.
Jonathan Oliveira, cyber threat intelligence analyst at Centripetal, questioned “how minimum impact to customers is the case” since PCM used Office 365 to manage client accounts.
“The information a cloud provider has about client networks is critical because this can contain internal network topology, critical systems, client administrators etc.,” Oliveira said, which can set up future attacks.
“The PCM breach not only exposed administrative credentials that manage client accounts within Office 365, but also gave hackers unprecedented access to email and file sharing systems for a number of clients,” said Kevin Gosschalk, CEO, Arkose Labs. “This is especially dangerous because proprietary information left vulnerable on file sharing systems or in company email can also be high-value to intruders – and have severe business consequences if compromised.”
Calling the credential theft “the next level,” Robert Prigge, president of Jumio, said if hackers can access PCM customers’ Office 365 accounts, they can access a trove of personal data and sensitive business documents.
“Think about it — if a hacker has access to your Office 365 account, they can reset your password and lock you out,” said Prigge. “What’s worse, they may use that same email address as their username for other online accounts.”
He explained that if a company has “100 employees, and those employees each have just 10 accounts connected to their Office 365 email addresses, that’s 1,000 accounts associated with your company that the hackers can potentially.”
It’s becoming easier for criminals “to target the cloud to utilize stolen passwords, API vulnerabilities or user misconfiguration to take over accounts and access all information like an authorized user, thus bypassing all security controls,” said CipherCloud CEO Pravin Kothari.
“The outsourcing of skills and resources, and the leveraging of third party expertise, has driven global economic growth, but at a hidden cost: increased and unquantifiable cybersecurity risk from third parties,” said Colin Bastable, CEO at Lucy Security, who contended “We are under siege, in an undeclared cyberwar.”