Nov 20, 2019

Analyst Breach Insights, Week of November 20: Undetected Breaches, Accidental Exposure, and VPN Risks


Orvis Leaked Hundreds of Internal Passwords via PasteBin

The Story:

Our Take:

NordVPN Datacenter Breached

The Story:

Our Take:

Extensive Personal Health Information Exposed in Solara Medical Data Breach

The Story:

Solara Medical Supplies reported that its systems had been breached and left exposed for several months. Multiple employees clicked on a phishing email, which resulted in an outsider being given access to their Office 365 accounts. The breach was discovered on June 28, 2019, and the accounts were exposed from April 2 through June 20. A large amount of patient and employee information was compromised, including highly sensitive data such as SSNs, medical information, passwords, and billing information.

Our Take:

Once again, we see a breach that went undetected and unmitigated for a very long period of time. We aren’t given many details, but the information that is here does serve as a reminder of the different ways that vulnerabilities can be exploited — even human vulnerabilities, as is the case with phishing attacks.

We could not help but compare this situation to a recent phishing attack that Dtex detected and investigated at a financial institution. The phishing email and resulting malware slipped through email security and AV defenses, but Dtex alerted on it immediately. More importantly, that situation was resolved within hours because the team was able to quickly and accurately answer the questions it needed answered to understand what had happened and who was affected. Based on the information we have, that doesn’t seem to have been the case in Solara’s situation.

“There are a lot of questions implied within this breach,” Spadaccini said. “How did they know that it was a phishing attack? Who told them? How did they know that multiple employees clicked on it, and who? They were able to figure it out, but it took a long time to put together those answers, and the breach itself went undetected for months.”

Conclusion: It’s always about the answers.

Multiple breaches in this week’s round-up draw into sharp focus the inherent weaknesses of relying on threat intelligence or EDR solutions alone. More than one of these breaches involved an exploit that went undetected and a breach that remained active for a very long period of time. Mitigating this problem requires visibility, yes, but it also requires that the data be contextualized within the bigger picture and be easily accessible.

“It’s not just about having a large raw quantity of data,” Spadaccini said. “If I had all the time in the world, I could sit here and build you a spaceship. But if I called NASA, I could be there tomorrow. With a large amount of manual work and a large amount of data, you might be able to find these answers, but how long will it take you? Can you do it in seconds? Can you do it over hundreds of thousands of endpoints? These are the questions that organizations need to be asking themselves if they want to avoid breaches like these.”
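The questions raised above (who clicked, which of those accounts was actually taken over, and for how long) are answerable in seconds if click events and cloud sign-in events are already correlated per user. The script below is an added illustration, not Dtex's code or anything from the Solara investigation: it joins constructed mail-click, sign-in and inbox-rule events into a per-user exposure record and computes the dwell time between the first and last suspicious action. The event format, the `HOME_GEO` value, the phishing host and the event type names are all assumptions made for the example.

```python
"""Correlate phishing-click and Office 365-style sign-in events to answer
"who clicked, who was actually compromised, and for how long".

Added example. The events below are constructed for illustration and are
not Solara's logs; field names, HOME_GEO and the event types are assumptions,
not any vendor's schema.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

HOME_GEO = "US"                            # assumed: where users normally sign in from
PHISH_HOST = "invoice-login.example.net"   # assumed: the lure's landing host from the phishing report

# Constructed sample events: "<ISO timestamp> <kind> <user> key=value ..."
RAW_EVENTS = """\
2019-04-01T09:12:00 mail_click alice@example.com url=https://invoice-login.example.net/owa
2019-04-01T09:15:00 mail_click bob@example.com url=https://invoice-login.example.net/owa
2019-04-01T10:02:00 signin alice@example.com ip=203.0.113.7 geo=XX
2019-04-02T08:30:00 signin bob@example.com ip=198.51.100.20 geo=US
2019-04-02T11:00:00 signin alice@example.com ip=203.0.113.7 geo=XX
2019-04-03T07:45:00 inbox_rule alice@example.com action=forward_all
2019-04-10T09:00:00 signin carol@example.com ip=198.51.100.21 geo=US
2019-06-20T13:20:00 signin alice@example.com ip=203.0.113.7 geo=XX
"""


@dataclass
class Event:
    ts: datetime
    kind: str
    user: str
    attrs: Dict[str, str]


@dataclass
class Exposure:
    """Per-user answer record: when they clicked, and what happened afterwards."""
    clicked_at: datetime
    first_suspicious: Optional[datetime] = None
    last_suspicious: Optional[datetime] = None
    indicators: List[str] = field(default_factory=list)

    @property
    def compromised(self) -> bool:
        return self.first_suspicious is not None

    @property
    def dwell_days(self) -> int:
        # Exposure window between the first and last suspicious action on the account
        if not self.compromised:
            return 0
        return (self.last_suspicious - self.first_suspicious).days


def parse_events(text: str) -> List[Event]:
    """Parse the simple line format above into time-ordered Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, user, *rest = line.split()
        attrs = dict(kv.split("=", 1) for kv in rest)
        events.append(Event(datetime.fromisoformat(ts), kind, user, attrs))
    return sorted(events, key=lambda e: e.ts)


def assess(events: List[Event]) -> Dict[str, Exposure]:
    """Return one Exposure per user who clicked the lure, with post-click indicators attached."""
    # Step 1: who clicked? Keep the earliest click per user.
    report: Dict[str, Exposure] = {}
    for e in events:
        if e.kind == "mail_click" and PHISH_HOST in e.attrs.get("url", ""):
            report.setdefault(e.user, Exposure(clicked_at=e.ts))

    # Step 2: for those users, which later events look like account takeover?
    for e in events:
        exp = report.get(e.user)
        if exp is None or e.ts < exp.clicked_at:
            continue
        indicator = None
        if e.kind == "signin" and e.attrs.get("geo") != HOME_GEO:
            indicator = f"sign-in from {e.attrs.get('ip')} ({e.attrs.get('geo')})"
        elif e.kind == "inbox_rule":
            indicator = f"inbox rule created: {e.attrs.get('action')}"
        if indicator:
            exp.indicators.append(f"{e.ts.isoformat()} {indicator}")
            exp.first_suspicious = exp.first_suspicious or e.ts
            exp.last_suspicious = e.ts
    return report


if __name__ == "__main__":
    for user, exp in assess(parse_events(RAW_EVENTS)).items():
        status = "COMPROMISED" if exp.compromised else "clicked only"
        print(f"{user}: {status}, dwell {exp.dwell_days} days")
        for line in exp.indicators:
            print("   ", line)
```

With the constructed data, two users clicked but only one account shows post-click indicators (foreign sign-ins plus a forward-all inbox rule), and its exposure window is 80 days; the user who clicked without a subsequent anomaly is reported but not flagged as compromised. The same join, run continuously rather than after a breach report, is what turns months of undetected exposure into an alert on the first anomalous sign-in.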
