A misconfigured cloud database exposed over 800 million records linked to WordPress users through hosting provider DreamHost. The 814 million records came from the firm’s managed WordPress hosting business, DreamPress, and appeared to date back to 2018. In the 86GB database, researchers found admin and user information, including WordPress login URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps, and configuration and security details, some of it linked to users with .gov and .edu email addresses. The database was reportedly secured within hours, but the damage had already been done.

Cybercrime gang Nobelium, known for previous attacks against SolarWinds and Microsoft, went back to take another strike at the software company using some unexpected tools. Microsoft said on Friday that an attacker, reported to be the Russia-aligned group Nobelium, had slipped into its inner circle through a familiar path. The threat actors were then able to parlay the information from that success into gold, using it to launch hacking attempts against several Microsoft customers. On its blog, the company reported that Nobelium was using techniques that aren’t typically at the top of the nation-state playbook: password spraying and brute-force attacks.

The tech giant reported that the nation-state threat actors targeted specific customers that Microsoft supplied with software. It described the victim pool for this round of nation-state activity as primarily IT companies (57%), followed by government entities (20%), with smaller percentages for non-governmental organizations and think tanks, as well as financial services. The activity was largely focused on US interests, at about 45%, followed by 10% in the UK and smaller numbers in Germany and Canada. In all, 36 countries were targeted, and to date Microsoft has found three of its customers among the targets that were actually compromised.

Microsoft also divulged that the Nobelium threat actors obtained entry into Microsoft’s systems through the computer of an infected customer service agent. Through that compromised computer, Nobelium was able to reach important data about Microsoft customers, including sensitive client data such as billing information and the specific services each customer was using. Other customer account data may also have been compromised. Microsoft sent warnings to potentially impacted customers, advising them to be cautious about communications directed at their billing contacts that could be cybercrime-related. It also advised clients to consider changing the credentials, usernames and email addresses associated with those accounts, and to bar old usernames from logging in.

Everyone Faces the Same Hazards

That’s familiar-sounding advice. No matter how big or small a company is, the same little things can create big problems, like compromised credentials. An estimated 60% of the information on the pre-pandemic dark web could be damaging to businesses, and 22 billion new records were added in 2020. That stock of stolen credentials just received a big boost from what experts are calling the largest credential file ever to hit the dark web at once, the RockYou2021 password leak. This is one major reason why old usernames and passwords are bound to be problematic, and why zombie accounts are a risk to every business. If companies aren’t using dark web monitoring, they may not know about the danger they’re in from these ghosts of the past.

Another pitfall that businesses may not be considering is the danger they face from less glamorous types of cyberattacks like password spraying and brute-force attacks. While those threats aren’t likely to make headlines, they are a more common factor in data breaches than many businesses assume. In the 2021 Verizon Data Breach Investigations Report, researchers estimated that 60% of data breaches involve stolen or lost credentials and employ brute-force attacks. Almost a quarter of breaches last year were done through credential stuffing, with 95% of the affected organizations seeing between 637 and 3.3 billion credential attempts used to force entry. Password-based attacks can be nearly eliminated by adding multifactor authentication to a company’s security toolbox, yet more than 50% of companies aren’t using it.
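The two techniques named above and in the Nobelium paragraph, password spraying (a few passwords tried against many accounts) and brute force (many attempts against one account), leave distinct footprints in authentication logs. The following detector is an added example and is not code from the original post or from Microsoft; it works over a constructed, hypothetical log format ("timestamp user OK|FAIL source_ip") rather than any real product's log, and the thresholds (`spray_users`, `brute_attempts`, `window`) are assumed values that a defender would tune to their own baseline.

```python
"""Detect password-spraying and brute-force patterns in authentication logs.

Password spraying: one source tries a few passwords against MANY accounts,
staying under per-account lockout thresholds. Brute force: many attempts
against ONE account. Both show up in how failed logins are distributed per
source IP, so the detector groups failures by IP over a sliding time window.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data); format is hypothetical:
# "<ISO timestamp> <username> <OK|FAIL> <source_ip>"
SAMPLE_LOG = """\
2021-06-25T10:00:01 alice FAIL 203.0.113.7
2021-06-25T10:00:03 bob FAIL 203.0.113.7
2021-06-25T10:00:05 carol FAIL 203.0.113.7
2021-06-25T10:00:07 dave FAIL 203.0.113.7
2021-06-25T10:00:09 erin FAIL 203.0.113.7
2021-06-25T10:00:11 frank FAIL 203.0.113.7
2021-06-25T10:00:13 grace OK 203.0.113.7
2021-06-25T10:01:00 alice FAIL 198.51.100.20
2021-06-25T10:01:02 alice FAIL 198.51.100.20
2021-06-25T10:01:04 alice FAIL 198.51.100.20
2021-06-25T10:01:06 alice FAIL 198.51.100.20
2021-06-25T10:01:08 alice FAIL 198.51.100.20
2021-06-25T10:01:10 alice FAIL 198.51.100.20
2021-06-25T10:01:12 alice FAIL 198.51.100.20
2021-06-25T10:01:14 alice FAIL 198.51.100.20
2021-06-25T10:01:16 alice FAIL 198.51.100.20
2021-06-25T10:01:18 alice FAIL 198.51.100.20
2021-06-25T10:05:00 bob FAIL 192.0.2.9
2021-06-25T10:05:30 bob OK 192.0.2.9
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (OK|FAIL) (\S+)$")


def parse_log(text):
    """Parse log text into (timestamp, user, success, ip) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the detector
        ts, user, result, ip = m.groups()
        events.append((datetime.fromisoformat(ts), user, result == "OK", ip))
    return events


def detect(events, window=timedelta(minutes=10), spray_users=5, brute_attempts=8):
    """Return findings keyed by source IP.

    A source is flagged as 'password_spray' when its failures within one
    window touch at least `spray_users` distinct accounts, and as
    'brute_force' when at least `brute_attempts` failures hit one account.
    Thresholds are assumed defaults, not values from any standard.
    """
    fails_by_ip = defaultdict(list)
    success_ips = set()
    for ts, user, ok, ip in events:
        if ok:
            success_ips.add(ip)
        else:
            fails_by_ip[ip].append((ts, user))

    findings = {}
    for ip, fails in fails_by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # advance the window start so all failures fit within `window`
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, u in fails[start:end + 1]:
                per_user[u] += 1
            kind = None
            if len(per_user) >= spray_users:
                kind = "password_spray"
            elif max(per_user.values()) >= brute_attempts:
                kind = "brute_force"
            if kind:
                # later (larger) windows overwrite earlier ones for this IP
                findings[ip] = {
                    "kind": kind,
                    "distinct_users": len(per_user),
                    "max_per_user": max(per_user.values()),
                    # a success from a source that is also spraying or
                    # brute-forcing is the highest-priority signal to triage
                    "success_from_same_ip": ip in success_ips,
                }
    return findings


if __name__ == "__main__":
    for ip, finding in detect(parse_log(SAMPLE_LOG)).items():
        print(ip, finding)
```

In the constructed sample, 203.0.113.7 fails against six different accounts and then logs in as a seventh, the spray-then-success pattern worth escalating first, while 198.51.100.20 hammers one account ten times. A single failure from 192.0.2.9 stays below both thresholds, which is the point of windowed counting: a lockout policy alone would never notice the spray, since no single account exceeds one failure, and multifactor authentication is what stops the successful login from turning into access.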

It pays to put strong protections in place now, before an expensive cybercrime disaster comes knocking on your door as it did for 80% of businesses in 2020, especially when that disaster can be easily prevented.

Contact our solutions experts today for a customized risk assessment.