Deloitte Breach

Started by deanwebb, September 25, 2017, 09:33:01 PM

deanwebb

Short version: They had a generic admin account for their Azure services, someone figured it out, and that someone was working with folks that copied a lot of files.

:facepalm2:

If you have cloud services, you still have to have good security for those cloud services. I'm losing count of all the cloud leaks that are happening, but that seems to be where the weaknesses are of late. Why worry about breaking through a firewall or an IPS in a corporate datacenter when you can just guess that password for the generic admin account on the cloud setup?

Keep your data local, make a hacker that wants your data get it the hard way and make a hacker that doesn't care about your data in particular skip it because it's hard and he can get that data easier somewhere else.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

ZiPPy

We use them for auditing our financials, and we are a high-profile account. This should be interesting.


icecream-guy

Quote from: deanwebb on September 25, 2017, 09:33:01 PM
I'm losing count of all the cloud leaks that are happening, but that seems to be where the weaknesses are of late.

Remember clouds don't have walls, they are just pockets of air that hold water like a sponge.
When a cloud leaks, it's called rain.
:smug:
:professorcat:

My Moral Fibers have been cut.

deanwebb

Quote from: ZiPPy on September 26, 2017, 12:46:48 AM
We use them for auditing our financials, and we are a high-profile account. This should be interesting.

Interesting means it starts with a call from Deloitte to your management:

:phone:

Then your management will do this privately:

:kramer:

But they'll be like this publicly:

:disappoint:

Your developers will do this:

:shock:

Your security guys will do this:

:haha1:

And then do this after they're told they have to help clean up the mess:

:ckfacepalm:

And then your developers are all:

:mssql:

And the security guys look at the developers' solution and are like:

:no:

So the developers try again and think they have a fix:

:kidwoohoo:

The network guys have some thoughts on what the developers are hoping they can do in the datacenter:

:wha?:

Then management looks at the cost of all this:

:frustration:

And all the former employees are doing this as they hear the rumors and read the headlines:

:hankhill:

And that, my friends, is what "interesting" means when it comes to a cloud breach.