
Industry News: ESG5

      Know Your Breach: Neho

      The Target: Neho, a Switzerland-based online real estate agency.

      The Take: Exposure of sensitive login credentials to Neho’s systems, potentially allowing attackers full access to databases, source code, configuration profiles and more.

      The Vector: A misconfiguration on Neho’s website exposed login credentials for its systems to the public, allowing anyone with internet access who obtained these credentials to log in as an authenticated Neho user.

      This breach is a critical reminder of how important access control is to overall cybersecurity. If an attacker obtains valid credentials, they can pivot into potentially every system belonging to the firm, making the attack an order of magnitude more damaging. Safe and secure storage of login credentials is essential to protecting a firm and its customers.


      Know Your Breach: Toyota

      The Target: Toyota, a Japanese car manufacturer.

      The Take: Two cloud databases exposed Personally Identifiable Information including: physical address, name, phone number, email address, customer ID, vehicle registration number, and vehicle identification numbers.

      The Vector: Several misconfigured cloud databases were left open and unsecured with no password, meaning anyone with an internet connection could have downloaded the data.

      Securing access to databases through rigorous password hygiene is an essential component of security, and cloud databases are no exception. Furthermore, the data stolen in this attack can be used to craft highly effective automotive-themed phishing attacks. Regular security compliance reviews can help prevent these breaches.


      Know Your Breach: NextGen Healthcare

      The Target: NextGen Healthcare, a U.S.-based maker of electronic records software and management services.

      The Take: Exposure of 1 million records of Personally Identifiable Information including: names, addresses, dates of birth, and social security numbers.

      The Vector: An employee’s credentials were compromised through a credential stuffing attack. These breaches rely on employees reusing passwords between platforms, which allowed the attackers to log in to NextGen systems.

      This breach is a stark reminder of how important authentication controls and password hygiene are to an overall robust cybersecurity posture. Regular social engineering and phishing awareness training, and in this case tightly enforced password and identity management, are effective strategies to mitigate these kinds of breaches and protect a firm’s customer base.


      Know Your Breach: Brightline

      The Target: Brightline, a pediatric mental and behavioural health provider.

      The Take: Exposure of Personally Identifiable Information including: full names, physical addresses, dates of birth, member identification numbers, date of health plan coverage and employer names.

      The Vector: A zero-day exploit was used to breach Fortra, a third-party vendor of Brightline’s, targeting its file transfer software, which let the attackers gain access to sets of files throughout the third-party vendor’s systems.

      This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors deploy patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.


      Know Your Breach: Peugeot

      The Target: Peugeot, a France-based automobile manufacturer.

      The Take: Exposure of sensitive company data including: credentials to a MySQL database, secure web tokens along with their passphrases and the locations of keys, a link to the git repository for the website, and source code.

      The Vector: Peugeot’s Peru-based website was hosting an unsecured environment file (.env), which holds credentials for the other services used by the program the developers are working on, in this case the website. The logins stored there exposed credentials to Symfony, a third-party software framework Peugeot used, which could let attackers download session IDs and impersonate users.

      This breach is a critical reminder to monitor, flag, and properly secure all publicly accessible files on a website, and furthermore to ensure these files are protected by passwords that meet robust cybersecurity standards of complexity and length. This attack also shows how one exposure of a system can lead to a pivot into other systems. It is essential to secure all public-facing websites.
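A defender-side check for the vector described above, added here as an example and not code from the original post: a pre-deploy audit that walks the directory about to be published as a web root, flags paths such as .env and .git that must never be reachable over HTTP, and lists the dotenv keys that look like credentials. The forbidden-name list, the key-name heuristic and the constructed sample tree are assumptions.

```python
"""Pre-deploy audit: flag secret-bearing dotfiles in a web root.
Added example, not the original post's code; it walks a directory about to
be published and reports .env/.git paths plus the dotenv keys that look secret."""
import os
import re
import tempfile
from pathlib import Path

# Names that should never be present in a served web root (assumed list).
FORBIDDEN_NAMES = {".env", ".env.local", ".env.prod", ".git"}
# Key-name fragments that usually denote credentials (assumed heuristic).
SECRET_KEY = re.compile(r"PASS|SECRET|TOKEN|KEY|DSN|DATABASE_URL", re.I)

def secret_keys_in_env(path: Path) -> list[str]:
    """Return variable names in a dotenv file whose names look like secrets."""
    found = []
    for raw in path.read_text(errors="replace").splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank lines, comments and malformed entries are skipped
        key = line.split("=", 1)[0].strip()
        if SECRET_KEY.search(key):
            found.append(key)
    return found

def audit_web_root(root: Path) -> dict[str, list[str]]:
    """Map each forbidden path (relative to root) to the secret keys it holds."""
    findings: dict[str, list[str]] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if name in FORBIDDEN_NAMES:
                full = Path(dirpath) / name
                keys = secret_keys_in_env(full) if full.is_file() else []
                findings[str(full.relative_to(root))] = keys
    return findings

def demo() -> dict[str, list[str]]:
    """Constructed web root with a leaked .env, mirroring the vector above."""
    root = Path(tempfile.mkdtemp())
    (root / "index.php").write_text("<?php echo 'hello';")
    (root / ".env").write_text(
        "APP_ENV=prod\nAPP_SECRET=constructed-secret\n"
        "DATABASE_URL=mysql://user:pw@db/app\n"
    )
    (root / ".git").mkdir()
    return audit_web_root(root)

if __name__ == "__main__":
    print(demo())
```

Run it against the build output directory in CI and fail the deploy when the returned mapping is non-empty.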


      Know Your Breach: Samsung

      The Target: Samsung, a South Korea-based technology company.

      The Take: Exposure of internal company documents including: meeting notes and sensitive source code.

      The Vector: Samsung employees uploaded sensitive information to ChatGPT, an A.I. chat service. ChatGPT uses information provided by users to better answer future questions, and as such the uploaded data may be provided to third parties at any time without any controls or user authorization.

      This breach is a unique insight into how rapidly A.I. development is proceeding. It is critical that employees be aware of what such services are and the risks involved. External services like ChatGPT take the information entered into them with absolutely no accountability or oversight. Any data sent in this way should be considered open to the public.


      Know Your Breach: SafeMoon

      The Target: SafeMoon, a DeFi platform for cryptocurrency trading.

      The Take: Theft of $8.9 million USD.

      The Vector: A software feature intended for internal use only was set to public, allowing attackers to exploit it to artificially inflate the price of the SafeMoon token and then sell the tokens for large amounts of cash.

      This breach is a critical reminder that new software features must be thoroughly tested before deployment. In addition, ensuring proper access settings around this kind of software is paramount for an overall robust cybersecurity posture.


      Know Your Breach: Toyota

      The Target: Toyota Italy, one of the world’s largest vehicle manufacturers.

      The Take: Exposure of Personally Identifiable Information belonging to Toyota’s clients including: phone numbers and email addresses.

      The Vector: Unsecured and exposed marketing tools, namely APIs for Salesforce and Mapbox, could be accessed publicly on Toyota Italy’s website. This allowed attackers to access employee credentials for the third-party platforms and exfiltrate client data.

      This breach is a stark reminder of how important authentication controls are to an overall robust cybersecurity posture. In particular, the information exposed here is perfect for crafting highly believable phishing campaigns, as it would allow push notifications. Access monitoring and testing of every public-facing webpage is a key strategy to mitigate these kinds of breaches and protect a firm’s customer base.


      Know Your Breach: Lionsgate Play

      The Target: Lionsgate Play, a U.S.-based video-streaming platform.

      The Take: Exposure of 30 million records of user data including: IP addresses, operating system, user search queries, and web browser information.

      The Vector: A misconfigured Elasticsearch database was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.

      This shows how important authentication controls are and, even more critically, that they must be purposefully and smartly deployed with security in mind. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches and protect a firm’s data.


      Know Your Breach: CHS

      The Target: Community Health Systems, a U.S.-based multi-state hospital chain.

      The Take: Exposure of 1 million records of Personally Identifiable Information including: full names, medical billing and insurance information, diagnoses, medication, dates of birth, and social security numbers.

      The Vector: A zero-day exploit was used to breach Fortra, a third-party vendor of CHS, targeting its file transfer software, which let the attackers gain access to sets of files throughout the third-party vendor’s systems.

      This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors deploy patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
