19 gigabytes highly sensitive data leaked - authorities & banks among the victims
“In our work to identify vulnerabilities in the IT environment of companies and governmental agencies, we see a huge lack of insight. Not only do the systems themselves have vulnerabilities, but users are also usually easily manipulated. This type of incident is inevitable given the number of vulnerabilities that we see in business-critical systems. I’m surprised that this doesn’t happen more often. That this would be industrial espionage doesn’t sound likely, as all data was eventually published online. However, it may have been a way to make it look like just another ransomware attack. In such a case, it’s for sure unusually advanced,” says Stefan Thelberg, security expert and CEO of Holm Security.
A ransom attack
Based on the available information, Gunnebo negotiated with the hackers and eventually decided not to pay the ransom. This must have been a difficult decision for Gunnebo to make, and it explains the time gap between the end of August and today.
“Gunnebo does the right thing by not paying the ransom. I wish I could say that it would improve the starting point for other organizations in the same situation. But unfortunately, this becomes a billboard for criminals that shows how devastating it is not to pay. The only winners here are those who today and in the future work even more actively with their cybersecurity defense,” says Stefan.
Stefan Thelberg describes the most likely scenarios around how hackers managed to come across massive amounts of sensitive data that subsequently got published on the internet.
User manipulation - social engineering
One or more users have been subjected to social manipulation. Most commonly, it starts with a regular e-mail message that causes users to install a virus or ransomware. The virus then spreads further in the network by exploiting known vulnerabilities and opens access for the hacker.
The attack may have been tailor-made and aimed specifically at Gunnebo. Most likely, however, it was a general attack in which they tried to get into several large organizations in a similar way.
One or more systems, probably exposed directly to the internet, were exploited by the hacker, who used them to get further into the systems in Gunnebo's network. Generally, a vulnerability is exploited immediately, giving the hacker control over systems.
Vulnerabilities usually occur because of outdated software or incorrect configuration.