Cybersecurity has been a hot commodity in the last few years. There seem to be new firms popping up everywhere, all claiming to use the newest tools, and a few even claim to have AI built-in! While these claims may be mostly generated by the marketing department and the AI is really ML with a nuance, there are a few legitimate firms. One of the newer firms is Data Viper, based in St. Louis, MO. This firm was founded by Vinny Troia, a cybersecurity subject matter expert. Data Viper notes it is an intelligence platform engineered to provide its clients with the largest collection of private information, hacking channels, and exposed databases online. While other firms do this, the nuance that differentiates Data Viper from the others is that it provides its clients access to private and undisclosed data. As part of its business model, Data Viper collects exposed information on more than 8k data breach incidents, including approximately 15B usernames, passwords, and other data. The firm has posed as a buyer or seller of stolen data on the dark web to expand its database.
Attack
The firm was successfully attacked, with the focus being the firm’s backend servers. This is evidenced by the bad actors leaking the exfiltrated database online. The attacker not only leaked it but is also selling the database on the dark web. As part of its business, the firm collected data from thousands of security incidents. There may also be information on companies who do not know they had been breached. The database being sold contains hundreds of GB of data. This includes data from approximately 8,225 databases. These comprise the information of billions of users from other companies’ prior breaches. A portion of this data is from prior breaches; however, what makes this more pertinent is that there is other data from companies who have not reported their incidents, indicating they may not know they had been breached.
It is not known how the attackers were able to gain access or, better yet, how they were able to stay on the Data Viper network for months to extract all of this data unnoticed. The attacker is rather unapologetic about their activities. The attacker’s marketing campaign includes posting the databases for sale in multiple forums and selling up to 50 of the largest databases on the Empire dark web.
Troia did mention that this was not a case of credential stuffing, but of one of the developers accidentally exposing the repository access credentials. Of the options, an employee showing this level of negligence speaks volumes.