Samsung hit with data spill, exposed credentials; Former worker intentionally damages Oregon Medicaid System
Last week, news broke that a development lab used by Samsung engineers was leaking highly sensitive source code, credentials and secret keys for several internal projects — including its SmartThings platform. The instance, used by staff to share and contribute code to various Samsung apps, services and projects, was spilling data because the projects were set to “public” and not properly protected with a password, allowing anyone to look inside at each project, access and download the source code.
A security researcher who discovered the exposed files said one project contained credentials that allowed access to the entire AWS account that was being used. Many of the folders contained logs and analytics data for Samsung’s SmartThings and Bixby services, as well as several employees’ private GitLab tokens stored in plaintext - which allowed him to gain additional access from 42 public projects to 135 projects, including many private projects.
“This is a classic, although devastating example of insider threat. Not all data breaches are malicious in nature. Human error is the primary contributor in a large proportion of cases, but if you happen to be ‘patient zero’ in an embarrassing and potentially costly breach such as this, the potential impact can be very wide-reaching indeed. Reputational damage, loss of clients and revenue, consequential risk to jobs and careers all combine to pile pressure on the culpable.” - Brian Higgins, Security Specialist at Comparitech.com, as featured on InformationSecurityBuzz
A former Hewlett Packard Enterprise worker has pleaded guilty in federal court to intentionally damaging an Oregon Medicaid system and causing it to fail a few days after he was laid off by the vendor.
Prosecutors say Hossein Heydari was formerly employed by Hewlett Packard Enterprise as a system administrator and technical support specialist located in Maryland. As part of a Hewlett Packard contract with the Oregon Health Authority, Heydari had remote administrative access to Oregon's Medicaid Management Information System servers. Three days after he was laid off by Hewlett Packard, according to the DOJ, he intentionally altered part of the MMIS system.
Security experts say the incident is another reminder of the threats posed by insiders - including those employed by vendors - even after they lose their jobs.
"Insiders perform a significantly larger amount of crime and malicious activities than is known…
This does not mean that all insiders with access to sensitive and valuable data and systems will do bad things. However, there are enough opportunists who are in such positions and who know the systems and applications well enough to know how to commit crimes and malicious actions without getting caught." - Rebecca Herold, president of Simbus and CEO of The Privacy Professor consultancy
Taking another lens to the recently published the Verizon 2019 Data Breach Investigations Report, industry publications this week highlighted the sharp increase in the number of C-level executives targeted in social engineering attacks. The report found that senior executives are 12 times more likely to be the target of social incidents, and nine times more likely to be the target of social breaches, than in previous years – likely due to financial motivation.
These findings, in particular, highlight the critical need to educate all levels of employees on the potential impact of cybercrime as well as deploy technologies that deliver consistent, enterprise-wide visibility into all employee behaviors and activities.