There are IT firms across the globe on every continent. Even
on Antarctica there is an IT function for their networks and other technical
equipment. Brazil is no different. Tivit is a Brazilian IT services provider.
In addition to this line of business, they also provide other business processes.
Attack
Any attack generally is focused on the target’s data or
money. This instance was no different. The attack focused on the Tivit client’s
data. There were nine Tivit employees who fell victim to a phishing email
campaign. This exposed the client’s credentials online. The successful attack
was confirmed by Tivit. For this to be so successful, all it took were the nine
employees clicking on a link. The attack was able to gain access to data from
19 other companies. These included the kitchen appliance manufacturer Faber,
Swiss insurance company Zurich, Brazilian financial organization Banco
Original, software firm SAP, and many more. The attackers were successful enough
so that they had gained access to Tivit’s database. Fortunately, the attack
scope was limited only to the nine systems breached. The datacenters and client
networks were not affected.
Detection
One would think, an IT service provider would have some form
of a SIEM present and actively managed. The logs would simply be too huge for a
human to make much sense of it. There should be a staff sufficiently supported
so when there is an issue, it may be detected and resolved. This was not the
case apparently. The breach was not detected by Tivit, but was by DefCON Lab.
The signs included this affected various databases and servers in the cloud. DefCON
Lab found nearly one thousand lines of code contained internal company routines and credentials of different large enterprise clients. The data appears to have
internal process documents for the organization.
Remediation
Tivit was working through the issue. The organization also
contracted with legal resources and IT support firm to ensure this did not
happen again.
Comment
It is interesting that an IT company fell victim to a phishing
attack. The number of victims was also notable. This issue continues to
emphasize the need for employee training, through the year, even for IT
companies.
Resources
Cyware. (2018, December 17). Massive data breach hits Brazilian
IT firm tivit. Retrieved from https://cyware.com/news/massive-data-breach-hits-brazilian-it-firm-tivit-d47dc056
No comments:
Post a Comment