Carelessness Is Just As Risky As Deliberate Exfiltration

Uploaded on 2017-08-29 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers, TECHNOLOGY--Resilience

The so-called Panama Papers exposed 2.6 TB of information that threatened the reputations and privacy of many of the world’s richest and most powerful figures. If you thought this kind of incident would teach people to be more careful with their sensitive data, you’d be wrong. Very wrong.

You may recall that back in 2015, an anonymous source hacked an email server, exfiltrated data from Mossack Fonseca and passed it to the International Consortium of Investigative Journalists. 

The 11.5 Million documents showed the rampant use of offshore businesses by many wealthy individuals. Journalists from over 107 organisations from 80 countries analysed the documents for more than a year and covered the breach in excruciating (and often humiliating) detail. This information exposed by the Panama Papers was the handiwork of hackers.

Although cyber criminals continue to steal, sell and dump data every day, incredibly, an increasing amount of personal and corporate information is left exposed simply by accident.

Accidents All Too Common
With more of our activities moving online, the growing use of mobile devices, cloud applications and complexity of enterprise IT infrastructure, accidental data exposure is all too common. While large, sophisticated multi-nationals invest millions in cyber security, many third parties with sensitive information often do not have the teams or technology to stay ahead of fast evolving threats.

Unlike the original Panama Papers where data was hacked and exfiltrated, we detected a server that was accidentally exposing 52,000 documents including Know Your Customer applications, bank statements, wire transfers, company formation documents and scans of passports. None of this information is part of the original Panama Papers leak.

Unlike the Panama Papers which were provided to journalists, these documents could already be in the hands of criminals who could use them to blackmail, hold ransom or initiate other crimes.

Risk & Responsibility
Today’s attackers are focused, better armed and more organized. An underground economy exists to outsource attacks, reduce costs and allow more people with lower technical skills to launch more powerful attacks. In addition, with more of our data scattered across more servers, applications and companies, all it takes is one open window or one weak link.

Any device left open, using known TCP or UDP sharing ports, will be scanned by different threat actors several times a week. The number of hours that information is left exposed will magnify the amount of times data gets captured, and disseminated then used, sold and traded in the underground markets. Individuals and organisations must take more responsibility for managing this risk and preventing theft. Data breaches covered by stiffer compliance regulations and breach notification laws are not just cutting short CEO careers, they are costing companies millions.

Companies must monitor for exposure , not only the network perimeter, but also the cloud, IT shadow and third parties, across the deep and dark web , so when it does happen, they can be alerted and respond faster, before more damage is done.

Previous generations recognised Panama as the place where man overcame great obstacles to trade and transport. What will today’s and future generations learn from what happened in Panama last year? Sadly, so far, apparently not much.

Medium:

You Might Also Read:

Biggest Data Leak Ever Exposes World's Most Rich & Powerful:

Search It Yourself: Panama Papers Database Goes Public:

 

« N. Korea Targets S Korea’s Bitcoin Exchange.
US Warship Collisions Raise Cyber Attack Questions »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cleo

Cleo

Cleo is a leader in secure information integration, enabling both ease and excellence in business data movement and orchestration.

MKD-CIRT

MKD-CIRT

MKD-CIRT is the national Computer Incident Response Team for Macedonia.

SQNetworks

SQNetworks

SQNetworks provides a full range of cybersecurity consultancy, services and solutions.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

IberLayer

IberLayer

IberLayer is the company behind the Email Guardian service, a cloud based Email Total Protection system that filters and blocks email threats.

BIND 4.0

BIND 4.0

Bind 4.0 is an acceleration program geared toward tech startups with solutions applied to Advanced Manufacturing, Smart Energy, Health Tech or Food Tech fields.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

01 Communique Laboratory

01 Communique Laboratory

01 Communique Laboratory is an innovation leader in the new realm of Post-Quantum Cyber Security.

ControlMap

ControlMap

ControlMap is a software as a service platform with a mission to simplify and eliminate stress from everyday operations of modern IT compliance teams.

Mitiga

Mitiga

Mitiga uniquily combines the top cybersecurity minds in Incident Readiness and Response with a cloud-based platform for cloud and hybrid environments.

SecurIT360

SecurIT360

SecurIT360 is a full-service specialized Cyber Security and Compliance consulting firm.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.

APCERT

APCERT

APCERT cooperates with CERTs and CSIRTs to ensure internet security in the Asia Pacific region, based around genuine information sharing, trust and cooperation.

Myrror Security

Myrror Security

Myrror Security is a software supply chain security solution that aids lean security teams in safeguarding their software against breaches.

ABPGroup

ABPGroup

ABPGroup is Asia’s leading cybersecurity technology provider focusing on providing best-of-breed solutions that address today’s pressing challenges.

Miggo Security

Miggo Security

Miggo is the first Application Detection and Response (ADR) platform on a mission to stop application breaches.