In the autumn of last year, intruders gained access to the email system of Deloitte, one of the “Big Four” consulting firms. The incident became known after a recent report in The Guardian.
The publication reports that Deloitte discovered the incident in March, after which an internal investigation was launched and the appropriate response protocols were applied. The attackers are reported to have obtained administrative credentials and used them to access the company’s mail servers, which are hosted in the Microsoft Azure cloud. The attackers could have accessed more than 5 million email messages stored in the cloud.
Theoretically, the hackers also had access to other critical information, such as user authentication data, architecture diagrams, and data describing the information security infrastructure of Deloitte’s clients.
Deloitte maintains that “only a few clients have been affected by the attack” and that, so far, it knows of only 6 confirmed cases in which the incident affected the company’s customers. At the same time, Brian Krebs, a leading expert on cybercrime investigation, rightly remarked on his Twitter account that the level of damage caused may be somewhat higher than the affected company claims.
It is possible that during those six months, while the penetration remained unnoticed, hackers managed to hide the traces of their activities or leave backdoors for further attacks.
In addition, many information security experts say that this situation arose because the administrator account did not use two-factor authentication, meaning Deloitte neglected its own practices for securing critical assets.
How the attackers obtained the administrator’s credentials is not yet known; at the moment the investigation is still ongoing.
Do not miss the opportunity to discuss this and other incidents with experts at the annual IT security conference, UA.SC 2017.