DailyPost 2818

It is a known fact that once a cyber attack happens, the concerned enterprise generally does not have the wherewithal either to investigate or to get back to normal, risk-free functioning. Even in the best-case scenario, investigative agencies can do only one part of the job, and even for that they mostly require assistance from the industry, given the nature of the task at hand. The assistance of cyber security companies becomes a must. It is like taking the consultation and treatment of a doctor when you are sick. But think of a situation in which a cyber security company is itself hacked, and there are instances of it.

Cyber security company Cylance recently confirmed a data breach. It confirmed the legitimacy of data being sold on a hacking forum but said that it was old data from a “third party platform.” As per the Dark Web Informer, a threat actor called Sp1d3r is selling this stolen data for $750,000. Given the price tag, the natural question is what the nature and the quantum of the data in question are. The data allegedly includes a substantial amount of information, such as 34,000,000 customer and employee details, and information belonging to Cylance customers, partners and employees.

BleepingComputer researchers are of the opinion that the leaked data samples appear to be old marketing data used by Cylance. BlackBerry Cylance said they are aware of the incident being referred to, and that no “BlackBerry data and systems related to customers, products, and operations have been compromised.” The company has gone through its initial reviews and, based on the statement issued, it seems certain that they have done due data diligence / audit before stating it. It said, “no current Cylance customers are impacted and no sensitive data is involved.”

Based on the investigation / audit conducted so far, the data was accessed from a third party platform and seems to be of 2015-2018 vintage. It predates BlackBerry’s acquisition of the Cylance product portfolio. The threat actor in this breach is also selling 3TB of data from “automotive aftermarket parts provider Advance Auto Parts, stolen after breaching the company’s Snowflake account.” Currently, BlackBerry Cylance is not a Snowflake customer. Based on the inputs of CrowdStrike and Mandiant, Snowflake said that the attackers used stolen credentials to target accounts without multi-factor authentication protection.

Sanjay Sahay

Have a nice evening.
