ORACLE HACKED OR NOT?

In any hack, there is always disagreement about the nature and quantum of the data lost, and on that basis the company draws the conclusion that customers or critical systems are not impacted and that it has done what it takes for full remediation. The company's version is put forth in press releases or, at best, in talking to the media. Complete denial is unheard of. In the current instance, while there are indications to the contrary, Oracle has outright denied that its cloud infrastructure services were breached.

While not accepting the official position, security experts recommend that Oracle customers independently verify whether they have been impacted. They have also been advised to take measures to reduce exposure to the potential fallout. Nonetheless, Oracle remains steadfast in its denial. If the breach has happened, which most would like to believe, the concerns now include attackers leveraging stolen data to infiltrate cloud environments, escalating privileges and reusing credentials for lateral movement across the affected organisations.

What is of critical importance is that the theft of Personally Identifiable Information (PII) could trigger compliance requirements under statutes like GDPR and HIPAA. On a regular basis there is a need for timely de-provisioning, password hygiene and multi-factor authentication. There is no denying the fact that there has been a serious breach of identity and privilege related security. Based on CloudSEK information, the attacker appears to have exploited an unpatched vulnerability in Oracle Fusion Middleware, finally compromising the Oracle Cloud login and authentication system and stealing the data.

After Oracle denied the hack, the threat actor rose87168 shared a sample of 10,000 records allegedly taken in the breach with CloudSEK, SOC etc. In the researchers' opinion, based on the records, the needle of suspicion points to the Oracle Cloud environment. As per Hudson Rock, some of the cloud customers have recognized the leaked data as their own. This also lends credibility to the breach. Oracle has used language to hide the facts, or to frame them in a very convenient manner, covering itself fully legally. The approach can be summed up in a single sentence as stated by Beaumont, “Oracle are attempting to wordsmith statements around Oracle Cloud and use specific words to avoid responsibility.”

WE ARE STILL A LONG WAY OFF FROM EVEN REPORTING CYBER CRIME PROACTIVELY WITH TRANSPARENCY.
Sanjay Sahay

Have a nice evening.
