1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

9/26/2017

0 Comments

Major Accounting Firm Deloitte Admits It Suffered Cyber Attack

 
Deloitte cyber attack

Major Accounting Firm Deloitte Admits It Suffered Cyber Attack

​Deloitte, one of the world’s “big four” accountancy firms, admitted that it suffered a cyber attack. The company, however, downplayed the cyber attack saying that "only very few clients were impacted" and "no disruption" to client businesses happened.
 
Deloitte’s clients include 80% of the Fortune 500 companies and more than 6,000 private and middle market companies.
 
British news outlet The Guardian and cyber security journalist Brian Krebs have come out with a different take on Deloitte’s cyber attack.
 
Sources told the British news outlet that an estimated 5 million emails have been accessed by the hackers in the Deloitte cyber attack. A source close to the Deloitte cyber attack investigation, meanwhile, told Krebs that the Deloitte hacking incident involved the compromise of all administrator accounts at the company as well as the company’s entire internal email system.
 
“In addition to emails, the Guardian understands the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information,” Nick Hopkins of The Guardian wrote. “Some emails had attachments with sensitive security and design details.”
 
The Guardian reported that Deloitte discovered the hack in March of this year but the hackers may have had access to the company’s systems since October or November 2016. This hacking period was confirmed by Krebs who said that the Deloitte hacking dates back to at least the fall of 2016.
 
“Deloitte has sought to downplay the incident, saying it impacted ‘very few’ clients,” Brian Krebs wrote. “But according to a source close to the investigation, the breach dates back to at least the fall of 2016, and involves the compromise of all administrator accounts at the company as well as Deloitte’s entire internal email system.”
 
“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators,” Deloitte said in a statement. “The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.
 
A source told Krebs that Deloitte “does not yet know precisely when the intrusion occurred, or for how long the hackers were inside of its systems.”

Cause of the Cyber Attack

​Sometime in October 2016, Deloitte may have sense that something was wrong as the company sent out an email to all its employees in the US calling for a mandatory password reset. The notice includes an advice to pick complex passwords and a warning that employees who fail to change their passwords or personal identification numbers (PINs) by Oct. 17, 2016 wouldn’t be able to access email or other Deloitte applications.
 
According to The Guardian, Deloitte’s global email server was compromised through an “administrator’s account” – an account that has unrestricted access to all aspects of the email server. The administrator’s account required only a single password and didn’t have 2-step verification, sources of The Guardian said.
 
By relying only on a password – single factor authentication, Deloitte’s email system became highly vulnerable to cyber attack.  
 
Hackers nowadays find is easy to hack emails using only a single factor of authentication or a password due to the following reasons:
  • Many people are lazy enough to change the default password.
  • Many use the same password on more than one site.
  • Cyber criminals can steal your password if you download malicious software from the internet and if you click on malicious links in email messages.
 
Prior to the massive hack at Equifax where personal identifiable information like names, Social Security numbers, birth dates, addresses of 143 million Americans, 100,000 Canadians and 400,000 UK residents were stolen, Equifax was a victim of an earlier hacking incident.
 
On May 15 of this year, the Counsel for TALX Corporation – a wholly owned subsidiary of Equifax – informed the Attorney General of New Hampshire about a hacking incident that harvested W-2 tax forms of the employees of the corporate clients of TALX. According to the Counsel for TALX, hackers gained access to the website of TALX and harvested W-2 tax forms of customers by successfully answering personal questions used to reset “PlNs” or passwords to access the website.
 
“Because the accesses generally appear legitimate (e.g., successful use of login credentials), TALX cannot confirm forensically exactly which accounts were, in fact, accessed without authorization, although TALX believes that only a small percentage of these potentially affected accounts were actually affected,” the Counsel for TALX said.
 
“It’s pretty unbelievable that a company like Equifax would only protect such sensitive data with just a PIN,” Avivah Litan, a fraud analyst with Gartner, told Krebs, in reaction to the TALX-Equifax data breach. “That’s so 1990s.” 

What is a 2-Step Verification

Many companies like Google, Facebook and Apple have adopted the 2-step verification, also known as two-factor authentication.
 
The 2-step verification is one of the security measures to help keep bad guys out. An example of the 2-step verification is that of Gmail where you'll be asked to enter your password as usual. In addition to the password, you'll be asked for something else. A code will be sent to your smartphone via text, voice call or mobile app. You can sign in using this code. You can also sign in using a USB security key – a small device that connects to your computer.
 
Can the 2-step verification totally keep the bad guys away? The two-factor authentication offers more protection than logging into an email account without it. This added layer of security can stop certain group of hackers. It can’t, however, stop other sophisticated cyber attacks.
 
The USB security key is considered as more secure compared to the code sent via smartphone. There’s, however, the danger of this device being lost or stolen. Cyber criminals, in the past, have infected mobile devices to steal 2-step verification security codes.
 
Your organization’s entire internal email system could be full of sensitive information. Protecting your company’s email system goes beyond a password – single factor authentication. Email security also goes beyond the two-factor authentication.
 
Contact us today if you need further protection for your organization’s internal email system.
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    May 2023
    April 2023
    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    Artificial Intelligence
    ATP
    Awareness Training
    Blockchain
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    Data Privacy
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    Insider Threat
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit