Cybercriminals acquired Jira credentials from a compromised laptop at CloudSEK.

Cybercriminals have acquired a CloudSEK employee’s Jira credentials and Confluence documents. The network remains secure.

They acquired this through malware installed on the employee’s laptop, confirmed CloudSEK in a blog released to update the public on the breach. According to company sources, the threat actor, sedut, has offered to sell the sensitive CloudSEK information on darknet forums. The compromised information includes XVigil, ProjectX, Codebase, Jira, email, and social media accounts. Sedut has no reputation on darknet forums, indicating they set up a new account to release CloudSEK’s data.

In the CloudSEK blog, the company invalidated many of the cybercriminals’ claims of the breach’s extent. CloudSEK suspects it to be the work of a rival cybersecurity firm, as the attack does not indicate a typical cybercrime group.

CloudSEK’s blog further informed the public that their team is investigating the data breach that occurred after “an employee’s Jira password was compromised…”. Back in October, CloudSEK documented a Jira software vulnerability that cybercriminals were actively exploiting in the wild.

Cybercriminals Breached Jira Application, but Couldn’t Do Much Damage

Despite bold claims, the attacker has released no real data on CloudSEK. They also confirmed that “…the attacker has some internal details like screenshots, bug reports, names of customers, and schema diagrams.”

The blog revealed that the security breach dates back to late November 2022. The breach occurred when CloudSEK approached a third-party provider (Axiom) to repair a laptop one of the employees was using. But the provider supposedly returned the laptop with a new Windows version and a stealer malware (Vidar). Later, in December, posts appeared on darknet forums selling the company’s stolen information. CloudSEK’s database was going for USD10,000, and the code for USD8,000.

On further investigating the leak, CloudSEK determined that besides a few purchase orders and some customer information, most claims made by sedut are false - CloudSEK’s database and code are both secure. What CloudSEK is admitting, however, is that the cybercriminals accessed Jira tickets and internal Confluence pages. This is also evident from the screenshots on the darknet. The screenshots of Elastic DB, MySQL Schema, and xVigil, were taken from training documents stored on either Jira or Confluence.

In terms of actual damage, the attackers only managed to compromise the names and purchase orders of three customers - a relatively minor cost compared to other data breaches affecting millions of users. CloudSEK confirms that no customer credentials and VPNs have been compromised, contrary to the attacker’s claims.

MFA Saves the Day for CloudSEK

Multi-factor authentication (MFA) is the gold standard in network security.