Posted on July 2, 2019 at 10:21 AM
A recent wave of attacks on IT service providers shows that even the largest companies are not out of reach. The latest known victim is PCM, a large cloud and IT services provider whose internal infrastructure was reportedly accessed by an as yet unidentified hacking group.
PCM, headquartered in California, sells a mix of hardware, software and cloud services. The breach, first reported by cybersecurity journalist Brian Krebs, was reportedly discovered earlier this year, in May. According to Krebs' sources inside the company, the attackers stole a number of administrative credentials, mostly ones used to manage Office 365 accounts. The attackers' main interest, however, appears to be using that stolen access to commit gift card fraud.
As mentioned, the attack is believed to be part of a larger campaign, judging by the method used: the same group is thought to have hit other large IT providers recently, and in each case the entry point was phishing.
The attack itself is fairly simple. The group identifies as many company-owned email addresses as it can and sends them phishing emails. Its preferred targets are organizations that handle gift cards in some form, including employee reward and recognition programs, customer loyalty schemes, retailers and similar businesses.
Sooner or later someone inside the company takes the bait and their machine is compromised. The attackers then run Mimikatz on it. Despite how it is sometimes described, Mimikatz is not a custom-made malware strain but a widely used open-source post-exploitation tool: it reads the memory of the Windows process that handles logons (LSASS) and pulls out usernames, password hashes and, on systems that still cache them, cleartext passwords, which are then used to log in as those users elsewhere.
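The credential theft step is the part of this chain that is easiest to detect on the endpoint. As an added example that is not from the original article, from PCM or from Krebs' reporting, the following Python script flags processes that open a memory-read handle on LSASS, which is what Mimikatz's sekurlsa module must do. It assumes a simplified, constructed key=value rendering of Sysmon Event ID 10 (ProcessAccess) records; real Sysmon output is XML in the Windows event log, and the allow-list of image paths is an assumption to be tuned per environment.

```python
"""Added example (not PCM's code or Krebs' reporting): flag processes that
open a read handle on lsass.exe, the access Mimikatz needs to pull
credentials out of memory.

Input is a CONSTRUCTED, simplified rendering of Sysmon Event ID 10
(ProcessAccess) records: one record per line, 'Key=Value' fields joined
by ' | '. Real Sysmon writes XML into the Windows event log; the parser
below assumes this flat format for illustration only."""

from dataclasses import dataclass
from typing import Dict, List

# Access-right bits from the Windows PROCESS_* constants.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# Images that legitimately open LSASS on a typical Windows host. This is an
# ASSUMED starting list, keyed on full lowercase path; tune it per estate.
KNOWN_GOOD_IMAGES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}


@dataclass
class Alert:
    source_image: str
    granted_access: int
    call_trace: str


def parse_record(line: str) -> Dict[str, str]:
    """Turn 'EventID=10 | SourceImage=... | ...' into a dict."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def is_lsass_read(rec: Dict[str, str]) -> bool:
    """True when a ProcessAccess record asks for memory-read access on LSASS.

    Reading credentials needs PROCESS_VM_READ together with one of the
    QUERY rights; 0x1010 and 0x1410 are the masks most often seen from
    Mimikatz's sekurlsa module, but the bit test also catches any superset
    such as PROCESS_ALL_ACCESS (0x1FFFFF)."""
    if rec.get("EventID") != "10":
        return False
    if not rec.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return False
    access = int(rec.get("GrantedAccess", "0"), 16)
    wants_read = bool(access & PROCESS_VM_READ)
    wants_query = bool(access & (PROCESS_QUERY_INFORMATION
                                 | PROCESS_QUERY_LIMITED_INFORMATION))
    return wants_read and wants_query


def scan(lines: List[str]) -> List[Alert]:
    """Return one Alert per LSASS read from an image not on the allow-list."""
    alerts = []
    for line in lines:
        rec = parse_record(line)
        if not is_lsass_read(rec):
            continue
        src = rec.get("SourceImage", "")
        if src.lower() in KNOWN_GOOD_IMAGES:
            continue
        alerts.append(Alert(src, int(rec["GrantedAccess"], 16),
                            rec.get("CallTrace", "")))
    return alerts


# CONSTRUCTED sample records, not real telemetry.
SAMPLE_LOG = [
    # Defender scanning LSASS with full access: noisy but expected.
    r"EventID=10 | SourceImage=C:\Program Files\Windows Defender\MsMpEng.exe"
    r" | TargetImage=C:\Windows\System32\lsass.exe | GrantedAccess=0x1FFFFF",
    # svchost with only QUERY_LIMITED_INFORMATION: cannot read memory.
    r"EventID=10 | SourceImage=C:\Windows\System32\svchost.exe"
    r" | TargetImage=C:\Windows\System32\lsass.exe | GrantedAccess=0x1000",
    # Unknown binary dropped by a phishing attachment, classic 0x1010 mask.
    r"EventID=10 | SourceImage=C:\Users\jdoe\AppData\Local\Temp\invoice.exe"
    r" | TargetImage=C:\Windows\System32\lsass.exe | GrantedAccess=0x1010"
    r" | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9c7a4|UNKNOWN(00007FF6D1A2A1B3)",
    # Same mask against a different target: not LSASS, so ignored.
    r"EventID=10 | SourceImage=C:\Users\jdoe\AppData\Local\Temp\invoice.exe"
    r" | TargetImage=C:\Windows\System32\notepad.exe | GrantedAccess=0x1410",
    # Process creation event, wrong event type for this rule.
    r"EventID=1 | Image=C:\Users\jdoe\AppData\Local\Temp\invoice.exe"
    r" | CommandLine=invoice.exe",
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"LSASS read by {alert.source_image} "
              f"(GrantedAccess=0x{alert.granted_access:x})")
```

Only the unknown binary in the user's Temp folder is reported: the Defender record is allow-listed by path, the svchost record never asks for memory-read rights, and the other two records are not LSASS accesses. In a real deployment the allow-list should be a path plus a signer check, since an attacker can copy a tool to a trusted-looking path.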
Once inside a company's infrastructure, the attackers also abused payment processing services, money transfer services and clearinghouses, which let them monetize the stolen access immediately. In his report, Krebs speculates that the group goes after companies dealing in gift cards because gift cards give access to liquid assets outside the traditional Western financial system.
He also speculates that the group may have started its campaign as far back as 2016, when it mostly targeted retailers, and only broadened its target list in 2018. He further believes the group is preparing to expand again, which would explain its interest in third-party providers: a provider works with many client companies, so access to one such provider can open the door to all of its customers.
PCM itself has admitted that at least some of its customers were affected. The company says, however, that its investigation found no evidence that personal data was taken, and that the attackers gained only limited access to its systems. It states that the incident has since been resolved and that everyone believed to be impacted has already been contacted and notified.
How to protect yourself?
It is usually hard to determine exactly what happened during a breach, what was stolen, or even how the attackers got in. That is why companies, small businesses and individual users alike are advised to strengthen their security before becoming the next victim.
Preventing an attack is far easier than stopping one in progress or cleaning up afterwards. Attackers usually know what they are after and where to find it, so intrusions are often over quickly and the victims' data is already out in the world by the time anyone notices. The most effective step is learning to recognize phishing emails, and making sure no device in the organization is an easy target: every machine should run anti-virus and anti-malware software and keep its operating system and applications up to date. Users should choose long, complex passwords that are hard to guess, never reuse the same credentials on more than one site, and, wherever a service offers it, turn on multi-factor authentication so that a phished or stolen password alone is not enough to log in. Since this incident hinged on stolen administrative credentials, that last point applies doubly to any account with admin rights.
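Recognizing phishing emails is the first piece of advice above, and a few of the tells can be checked mechanically. As an added example that is not from the original article, the following Python script inspects a raw email for the signs that the kind of lure described in this story tends to carry: a display name that borrows a brand whose domain does not match the From address, Return-Path or Reply-To headers pointing somewhere other than From, and a link whose visible text shows one host while its href goes to another. The two sample messages and every address and domain in them are constructed for the example, and the brand-to-domain map is a minimal assumed list.

```python
"""Added example (not from the original article): mechanical checks for
common phishing tells in a raw RFC 5322 message. All sample messages,
addresses and domains below are CONSTRUCTED; BRAND_DOMAINS is a minimal
ASSUMED brand-to-domain map to be extended per organization."""

import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse

# Brands that phishers impersonate, mapped to domains the brand really
# sends from. ASSUMED minimal list for the example.
BRAND_DOMAINS = {
    "microsoft": ("microsoft.com",),
    "office 365": ("microsoft.com", "office.com"),
}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(addr: str) -> str:
    """'user@Mail.Example.com' -> 'mail.example.com'."""
    return addr.rpartition("@")[2].lower()


def host_of(url: str) -> str:
    """Hostname of a URL; bare 'www.example.com' link text is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def same_org(domain: str, trusted: str) -> bool:
    return domain == trusted or domain.endswith("." + trusted)


def phishing_indicators(raw: bytes) -> List[str]:
    """Return one human-readable finding per indicator that fires."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []
    display, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(from_addr)

    # 1. Display name borrows a brand, but From is not on that brand's domain.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and not any(same_org(from_dom, d) for d in domains):
            findings.append(f"display name claims {brand!r} but From domain is {from_dom}")

    # 2. Envelope sender or Reply-To lands on a different domain than From.
    for header in ("Return-Path", "Reply-To"):
        _, addr = parseaddr(str(msg.get(header, "")))
        if addr and domain_of(addr) != from_dom:
            findings.append(f"{header} domain {domain_of(addr)} differs from From domain {from_dom}")

    # 3. Link text displays one host while the href goes to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            shown = host_of(text) if "." in text and " " not in text else ""
            if shown and shown != host_of(href):
                findings.append(f"link shows {shown} but points to {host_of(href)}")
    return findings


# CONSTRUCTED phishing sample: every address and domain is a placeholder.
PHISH = b"""Return-Path: <bounce@relay-example.net>
From: "Office 365 Admin Center" <admin@office365-login-example.com>
Reply-To: <it-support@webmail-example.org>
To: jdoe@corp.example.com
Subject: Action required: your admin password expires today
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your Office 365 administrator password expires today.</p>
<p><a href="http://office365-login-example.com/reset?u=jdoe">https://portal.office.com/reset</a></p>
</body></html>
"""

# CONSTRUCTED benign sample from a colleague on the same domain.
BENIGN = b"""Return-Path: <jane@corp.example.com>
From: "Jane Doe" <jane@corp.example.com>
To: jdoe@corp.example.com
Subject: Q2 numbers
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>See <a href="https://intranet.corp.example.com/q2">the Q2 report</a>.</p></body></html>
"""
```

Running `phishing_indicators(PHISH)` yields four findings (brand mismatch, Return-Path, Reply-To and the disguised link) while the benign message yields none. These are heuristics, not proof: a lure sent from a genuinely compromised partner mailbox, as in the third-party scenario above, passes all four checks, which is exactly why a password alone should not be enough to reach an admin console.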