Posted on June 9, 2021 at 7:28 PM
70 GB Of Data Leaked After A Ransomware Attack On LineStar Integrity Services
A recent report reveals that another pipeline-based business was hit by a ransomware attack. The attack came around the same time that threat actors hacked into the servers of Colonial Pipeline and disrupted its operations.
The report also states that it appears the attack happened to both organizations at the same time, but the other pipeline-focused company decided to keep the breach a secret.
Last month, a group that calls itself the Xing Team posted a file on its dark web site, believed to have been stolen from LineStar Integrity Services, a company that keeps records for its pipeline-based customers.
LineStar Integrity Services sells technology, maintenance, auditing, and compliance services to customers.
Stolen data contains Social Security cards
The data was discovered online by Distributed Denial of Secrets (DDoSecrets), a WikiLeaks-style transparency group.
The file contains 73,500 emails, contracts, accounting files, and other business documents. It also contains 10GB of human resources files and 19GB of software code and data. The stolen files also contain Social Security cards and scans of employee driver’s licenses.
The breach doesn’t seem to have caused any disruption to infrastructure like the one witnessed during the Colonial Pipeline attack. However, researchers have warned that the stolen data could be used by hackers to launch more pipeline attacks in the future.
DDoSecrets published 37 gigabytes of the data on its leak site on Monday. The group also stated that it has been very careful not to redact sensitive software code and data. According to DDoSecrets, that material could give other hackers clues for exploiting flaws in pipeline software. However, the unredacted files, which have been reviewed, remain online.
Rise of ransomware attacks in the U.S.
In recent months, threat actors have intensified efforts to attack organizations. But what is more worrisome is their desire to launch attacks on companies supplying critical resources to the U.S.
In the wake of such an attack, the U.S. government has responded by setting up a committee that will monitor the use of cryptocurrencies as a payment medium to hackers. Other U.S. agencies have also embarked on a hacking-back spree to recover crypto funds initially paid to the hackers as ransom. Right now, it seems the U.S. is experiencing a hacking epidemic, which can have a massive impact on its economy.
The leaked document can be used for further attacks
Joe Slowik, a threat intelligence researcher for security firm Gigamon, commented on the latest data discovery. He stated that although it’s unclear what kind of sensitive information was included in the leaked data, it could have details about the physical equipment or software infrastructure utilized by customers of LineStar Services. This will also include the pipeline firm impacted by the breach.
Slowik also stated that any threat actor can use the details for other targets. He added that the most concerning thing is the fact that the stolen data doesn’t contain only driver’s license details or other customer details. It also contains the operational data of the companies as well as their more critical functionality.
The Xing Team is not an old face within the ransomware ecosystem. They are considered to be a Chinese hacking group, but there’s no evidence yet to suggest they are from China.
Ransomware researcher Brett Callow of security firm Emsisoft also stated that it’s not clear whether the group is based in China or not.
He also noted that the threat actors used a rebranded version of Mount Locker to gain access to the victim’s files.
The researcher also said that threat actors who steal vital details from a company could set up a spear-phishing email that can connect to another company.
DDoSecrets cofounder Emma Best stated that republishing leaked data from an attack on a company can give more information about the company’s environmental scandals.
For instance, the ransomware attack on Colonial Pipeline occurred less than a year after its history of 1.2 million leakages of gasoline in a nature reserve in North Carolina was revealed.