sb-au logo
Story image

Hackers steal data through ‘easy back door’ in massive Deloitte breach

27 Sep 2017

In just the last few weeks we’ve had three major breaches go public. Equifax. Securities and Exchange Commission (SEC). And now, Deloitte.

One of the largest private firms in the US, the sophisticated hack compromised the confidential emails and plans of some of Deloitte’s blue-chip clients. Perhaps worst of all, the cybersecurity attack has gone unnoticed for months with the hackers inhabiting the network and stealing data as it comes.

The hacker gained access to Deloitte’s underbelly via an administrator account, which theoretically would have provided them complete and unrestricted access to all of the data.

According to sources, the account was absent of two step verification and only required a single password to give the hackers access to emails, usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

Last year the company reported a record US$37 billion of revenue, providing auditing, tax consultancy and ironically, high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.

This torrent of recent data breaches makes clear the challenges of commercial and government cybersecurity are continuing to converge.

However, a number of cybersecurity experts affirm all of these incidents were preventable had the affected organisations applied the proper practices and monitored typical behaviour and data access.

“Three major breaches. Three unique challenges. One important lesson learned. The industry must quickly focus on the crossroads between people, process and technology to adequately address these unyielding security threats,” says CTO of Data Protection and Insider Threat Security at Forcepoint, Brandon Swafford.

“The news of Deloitte's breach, reportedly resulting from a lack of multi-factor authentication that led to access of sensitive data in the cloud, highlights that a focus on any one security risk point is not adequate.”

Chris Ross, SVP International at Barracuda says this is another case of the very basic security practices not being followed.

“If the attacker in the Deloitte case got into their global email server through an administrator’s account, then this is a classic case of account compromise,” says Ross.

“Judging by the lack of multi factor authentication, it’s very likely that the brute force attack took place via web access to the email server - potentially by successfully guessing the password.”

Ross says that aside from a very strong password, two factor authentication has become an industry standard, particularly when it comes to admin accounts that have even more access to sensitive data.

“This attack also highlights the need for measures such as email encryption when exchanging confidential data,” says Ross.

“Cyber attackers may be developing ever more sophisticated and well-researched tactics, but not following basic security advice like this is in effect giving criminals a very successful and easy ‘back door’ into your organisation.”

Story image
Veeam reports growth as demand for modern data protection increases
“Even with the unforeseen challenges and circumstances that began in early 2020, Veeam continued its rapid growth with its second consecutive year of bookings over $1 billion."More
Story image
Cyber-risk to critical infrastructure reaches all-time high — report
New research from Nozomi Networks Labs found that attackers are doubling down on high-value targets and weaponising the software supply chain.More
Story image
CISOs, don't underestimate the importance of soft skills
There is increasing importance on Chief Information Security Officers (CISOs) having and developing the skill of emotional intelligence, a new report states.More
Story image
Investing in digital trust for the post-pandemic business landscape
Business leaders in 2021 need to make sustainable investments to give their organisations a much-needed resilience boost to tackle new disruptions, while still enabling growth.More
Story image
Kaseya acquires RocketCyber to bring SOC solutions to more businesses
"With this acquisition, we've doubled down on our security investments to provide our customers with access to experts who can continuously monitoring their IT environments without the cost and complexity of disparate tools.”More
Story image
Three steps to a security-driven network for a stronger security posture
As the threat landscape continues to evolve and organisations stand to lose so much if they fall victim to an attack, it’s essential to ensure that security measures evolve in line with the network itself.More