News Insights: 1.2 Billion Records Found Exposed Online in a Single Server

News Insights:

PerimeterX Security Evangelist Deepak Patel:

“Data breaches have contributed to the rise in account takeover (ATO) attacks and as a result, have been one of the most significant drivers for changes in cybersecurity in recent years. Data breaches have resulted in billions of username and password combinations being available on the dark web. This plethora of credentials–which is now even larger due to this new exposure– has resulted in a 65% year over year increase in ATO attacks in 2019 and $5.1 Billion in losses in 2018.

“ATO attacks can be devastating to users, who lose account access and personal data, and to retailers who experience increased operational costs and reduced revenues. It is imperative for online retailers to quickly review application security protocols and consider additional safeguards against such business logic attacks. Otherwise, these businesses risk compromise and massive damages from ATO attacks including chargebacks, increased customer support requests, lost revenue, brand damage and fines.

Dvir Babila, Head of Product Management,CyCognito 

“This is a massive breach and a major open question is who owned the server behind the breach. Troia noted in the original blog “all we can tell from the IP address (35.199.58.125) is that it is (or was) hosted with Google Cloud.” Determining the ownership of IT assets that exist in the shadows like this requires a lot of fingerprints, and you have to associate those fingerprints with other IT assets exposed on the internet to build a complete picture.

Doing this manually with tons of raw threat intelligence data is very challenging. Applying mathematical techniques, such as a graph data model, works well. With more of every organization’s IT assets living in cloud environments than ever, a new level of automation has to be applied to threat intelligence both for assessing risk and for dealing with post-incident forensics.”

Jason Kent, Hacker in Residence, Cequence Security

“That this sort of data, let alone the size of the database, is available is pretty frightening.  Until now the database information has been contextual, such as financial data from a financial database breach for instance.  Here we see a new and potentially dangerous correlation of data like never before.  If your occasionally used Gmail account is used for Facebook, and someone finds out about it, not that much can happen besides a low-level phishing attempt for Facebook credentials.  The targets and attacks just aren’t worth the time.  However, if an attacker has a rich set of data, they can formulate very targeted attacks.  The sorts of attacks that can result in knowing password recovery information, financial data, communication patterns, social structures, this is how people in power can be targeted and eventually the attack can work.

This looks like some very sophisticated data mapping and correlation of not only breach data from various places but also combined with social media accounts and public data regarding things like home ownership.  Having this much correlation means someone did quite a bit of work to put this together.  Clearly this data has been amassed for a purpose, we can speculate on what that is, but keep in mind that it’s possible to build out fake online identities with very realistic data behind it and use those identities in an automated attack.  This is the sort of thing that should be looked at by the Authorities because of the nature of the sophistication of the data correlation”

Colin Bastable, CEO of Lucy Security

“Once again, businesses are monetizing personal data on a massive scale, and abdicating responsibility for that data after it is sold. Data farmers are not exactly making it hard for organized crime to run lucrative phishing, vishing and CEO attacks.  As well as all those “legit” calls, spam emails and texts, this data exposes people to significant risk of loss through cybercrime. Until consumers are given complete rights over the use of their data, it will continue to be aggregated, sold and resold with no consequences for the monetizers, but with long-term consequences for consumers.”