Posted on

Conduent Suffers Ransomware Attack, Data Breach

Computer Business Review (CBR) reports that Conduent, an IT services giant with $4.4 billion in revenue (2019), has admitted that a ransomware attack hit its European operations, but says it managed to restore most systems within eight hours.

Conduent, which says it provides services (including HR and payments infrastructure) for “a majority of Fortune 100 companies and over 500 governments”, was hit on Friday, May 29.

“Conduent’s European operations experienced a service interruption on Friday, May 29, 2020. Our system identified ransomware, which was then addressed by our cybersecurity protocols.

“This interruption began at 12.45 AM CET on May 29th with systems mostly back in production again by 10.00 AM CET that morning, and all systems have since then been restored,” said spokesman Sean Collins.

He added: “This resulted in a partial interruption to the services that we provide to some clients. As our investigation continues, we have on-going internal and external security forensics and anti-virus teams reviewing and monitoring our European infrastructure.”

Conduent Ransomware Attack: Maze Posts Stolen Data

The company did not name the ransomware type or intrusion vector, but the Maze ransomware group has posted stolen Conduent data including apparent customer audits to its Dark Web page.

Security researchers at Bad Packets say Conduent, which employs 67,000 globally, was running unpatched Citrix VPNs for “at least” eight weeks. (An arbitrary code execution vulnerability in Citrix VPN appliances, known as CVE-2019-19781, has been widely exploited in the wild by ransomware gangs.)

In early January, Bad Packets identified nearly 10,000 vulnerable hosts running the unpatched VPN in the US and over 2,000 in the UK. Citrix pushed out firmware updates on January 24.

  • Military, federal, state, and city government agencies
  • Public universities and schools
  • Hospitals and healthcare providers
  • Electric utilities and cooperatives
  • Major financial and banking institutions
  • Numerous Fortune 500 companies

The malware used by Maze is a 32-bit binary, usually packed as an EXE or a DLL file, according to a March 2020 McAfee analysis, which noted that the Maze ransomware can also terminate debugging tools used to analyse its behaviour, including the IDA debugger, x32dbg, OllyDbg and more processes, “to avoid dynamic analysis… and security tools”.

Cyber criminals have largely moved away from “spray and pray”-style attacks on organisations to more targeted intrusions, exploiting weak credentials, unpatched software, or using phishing. They typically sit in a network gathering data to steal and use to blackmail their victims before actually triggering the malware that locks down end-points.

The attack follows hot on the heels of another successful Maze breach of fellow IT services firm Cognizant in April.

Law enforcement and security professionals continue to urge companies to improve basic cyber hygiene, from introducing multi-factor authentication (MFA), to ensuring regular system patching.

Flipboard Database Hacked

Flipboard Database Hacked: 100 Million Users’ Account Information Exposed. The hackers potentially downloaded a database containing Flipboard users’ real names, usernames, cryptographically protected (salted hash) passwords and email addresses, including digital tokens for users who linked their Flipboard account to a third-party social media service.

Source: The Hacker News



Hackers Data Breach Equifax For 76 Days Before Being Discovered

Equifax how-it-was-mega-hacked damning dossier lands, in all of its infuriating glory

‘Entirely preventable’ theft down to traffic-monitoring certificate left expired for 19 months

Source: The Register’s Shaun Nichols in San Francisco 

A US Congressional report outlining the breakdowns that led to the 2017 theft of 148 million personal records from Equifax has revealed a stunning catalog of failure.

The 96-page report (PDF) from the Committee of Oversight and Government Reform found that the 2017 network breach could have easily been prevented had the company taken basic security precautions.

“Equifax, however, failed to implement an adequate security program to protect this sensitive data,” the report reads.

“As a result, Equifax allowed one of the largest data breaches in US history. Such a breach was entirely preventable.”

The report noted some of the previously-disclosed details of the hack, including the expired SSL certificate that had disabled its intrusion detection system for 19 months and the Apache Struts patch that went uninstalled for two months because of that bad cert.

The report states that Equifax’s IT team did scan for unpatched Apache Struts code on its network. But it only checked the root directory, not the subdirectory that was home to the unpatched software.
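The root-only scan described above, contrasted with a recursive one that also opens WAR/EAR/JAR archives, as an added example (not code from the report, The Register or Equifax). It assumes the library is packaged as `struts2-core-<version>.jar`; the fixed-version threshold is supplied by the caller, and the sample tree and version numbers in `demo()` are constructed.

```python
import io
import os
import re
import tempfile
import zipfile

STRUTS_JAR = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")  # assumed jar naming
ARCHIVES = (".war", ".ear", ".jar", ".zip")

def _old(name, min_fixed):
    """Return the version string if name is a Struts jar older than min_fixed."""
    m = STRUTS_JAR.search(name)
    if m and tuple(int(p) for p in m.group(1).split(".")) < min_fixed:
        return m.group(1)

def _scan_archive(data, label, min_fixed, found, depth=0):
    """Search an archive, and archives nested inside it, for old Struts jars."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    for name in zf.namelist():
        if (version := _old(name, min_fixed)):
            found.append((f"{label}!/{name}", version))
        elif name.lower().endswith(ARCHIVES) and depth < 3:  # bound the nesting
            _scan_archive(zf.read(name), f"{label}!/{name}", min_fixed, found, depth + 1)

def find_unpatched_struts(root, min_fixed, recursive=True):
    """recursive=False reproduces the root-directory-only scan described above."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for fname in filenames:
            path = os.path.join(dirpath, fname)
            if (version := _old(fname, min_fixed)):
                found.append((path, version))
            elif fname.lower().endswith(ARCHIVES):
                with open(path, "rb") as fh:
                    _scan_archive(fh.read(), path, min_fixed, found)
        if not recursive:
            dirnames.clear()  # prune: os.walk will not descend any further
    return sorted(found)

def demo():
    """Constructed tree: the only Struts copy sits in a WAR two levels down."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "apps", "portal"))
    with zipfile.ZipFile(os.path.join(root, "apps", "portal", "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/struts2-core-1.0.0.jar", b"constructed placeholder")
    fixed = (1, 0, 1)  # placeholder threshold, not a real Struts release number
    return find_unpatched_struts(root, fixed, False), find_unpatched_struts(root, fixed)
```

`demo()` returns the root-only result first (empty) and the recursive result second (one finding inside `app.war`).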

Both issues were blamed for allowing an attacker to compromise the Equifax Automated Consumer Interview System and then spend weeks moving throughout the network to harvest personal records from other databases. It was only when the certificate was renewed that Equifax saw the massive amounts of data being copied from its servers and realized something was very wrong.

While those two specific issues were pinpointed as the source of the attack, the report finds that the intrusion was allowed to happen because the IT operation at Equifax had grown far too large far too fast, without a clear management structure or coherent policies across various departments.

Lousy IT security by design

“In 2005, former Equifax CEO Richard Smith embarked on an aggressive growth strategy, leading to the acquisition of multiple companies, IT systems, and data. While the acquisition strategy was successful for Equifax’s bottom line and stock price, this growth brought increasing complexity to Equifax’s IT systems, and expanded data security risks,” the committee found.

“In August 2017, three weeks before Equifax publicly announced the breach, Smith boasted Equifax was managing ‘almost 1,200 times’ the amount of data held in the Library of Congress every day.”

What’s more, the report notes that Equifax had been aware of these shortcomings for years, with internal audits that found problems in their software patching process back in 2015, and in both 2016 and 2017 a report from MSCI Inc. rated Equifax network security as a “zero out of ten.”

A 2015 audit found that ACIS, a Solaris environment that dated back to the 1970s, was not properly walled off from other databases, a fault that allowed the attackers to access dozens of systems they would not have otherwise been able to get to.

“Although the ACIS application required access to only three databases within the Equifax environment to perform its business function, the ACIS application was not segmented off from other, unrelated databases,” the report noted.

“As a result, the attackers used the application credentials to gain access to 48 unrelated databases outside of the ACIS environment.”

After the pwning of its servers was revealed Equifax blamed its woes on an IT staffer who hadn’t installed the Apache patch, and fired the person. The report makes it clear that there were many more people involved in Equifax’s failings than this one scapegoat.

To help prevent similar attacks from occurring, the report recommends a number of additional requirements for credit reporting agencies to tell people what information is being gathered, how it is stored, and who it is shared with. The report also suggests moving away from social security numbers as personal identifiers and recommends that companies in the finance and credit sectors be pushed to modernize their IT structure. ®

Updated to add

Equifax sent the following statement to The Register:

“We are deeply disappointed that the Committee chose not to provide us with adequate time to review and respond to a 100-page report consisting of highly technical and important information,” the company said.

“During the few hours we were given to conduct a preliminary review before they released it yesterday, we identified significant inaccuracies and disagree with many of the factual findings. This is unfortunate and undermines our hope to assist the Committee in producing a credible and thorough public resource for those who wish to learn from our experience managing the 2017 cybersecurity incident.”

The credit biz has yet to identify what in the report is inaccurate.
