🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
Read More
Protect your sensitive information from unauthorized access and data breaches with CloudSEK XVigil Credential Breaches module, ensuring the security of your valuable data
Schedule a DemoFrom the outset of the pandemic, we have seen a dramatic increase in the number of cyber-attacks and data breaches. And with much success, threat actors are abusing the fear and panic these adverse conditions are causing. As a result, there has been a precipitous rise in the number of COVID-themed trojans, ransomware attacks, as well as scams, and phishing attacks across organizations and verticals. As more organizations shift to remote work, with inadequate policies and strategies in place, they gamble on their own employee and business data security, and privileged controls. And this has served as a catalyst, for an increased number of data breaches, across the globe.
This article delves into the various ways in which data breaches can occur, and safety practices to ensure that you organization is not impacted by:
Cloud misconfigurations have led to massive data breaches. For example, The “Capital One” and “Imperva” data breaches were caused by the disclosure of AWS API keys.
Fugue’s survey shows that 84% of the 300 IT professionals surveyed believe that they are already victims of undiscovered cloud breaches.
As pointed out by the survey, the most common causes of cloud misconfigurations are:
Although Cloud operations take a considerable load off of developers, and facilitate the smooth management and monitoring of multiple services, enforcing proper access control policies, user management, access key management, API access control becomes essential.
Elasticsearch is a search engine that indexes data in the form of documents. Typically, the size of data that this engine indexes is quite large and the indexed result comprises metadata, personal user information, emails or application logs, and more. The service, by default, runs on TCP port 9200. Moreover, most Elasticsearch instances are self-hosted free versions of the software.
CloudSEK XVigil’s Infrastructure Monitor has detected a significant increase in Elasticsearch instances running on the default port. But it is not rare these days. Recently a UK-based security firm accidentally exposed an Elasticsearch cluster, leaking more than 5 billion documents of breached data between 2012 and 2019.
Organizations deploy various applications for internal use. This includes HR management tools, attendance registration applications, file sharing portals, etc. In the event that the entire workforce shifts to remote work, such as times like now, it becomes difficult to track the access and usage of these applications. To top it off, applications are increasingly allowed traffic from the internet, instead of local office networks. As a result, applications and APIs, which lack authentication or use default credentials, are increasingly surfacing on the internet.
In the past couple of weeks, a number of HR Portals, payroll applications, lead management dashboards, internal REST APIs, and shared FTP servers have surfaced on the internet. Most of the applications are self-hosted, and their default passwords can be used to access them. XVigil has detected multiple instances of directories that contain transaction reports, employee information documents, etc. being served without any authentication.
With a remote workforce communicating primarily via text-based channels such as emails, chats and SMS, it has been much easier for phishing campaigns to take advantage of the distributed workforce. Consequently, the number of spear phishing attacks have surged. Barracuda researchers have observed 3 main types of phishing attacks in the last couple of months:
Individuals fall prey to phishing attacks, especially during the pandemic, due to:
Since emails that use the word COVID have higher click-rates now, scammers are increasingly using them as lures to spread malicious attachments. Once the attachment is downloaded and the malware payload is dropped, threat actors can access keystrokes, files, webcam, or install other malware or ransomware. (Access CloudSEK’s threat intel on COVID-themed scams and attacks)
Today, every remote workforce is connected to their personal devices and networks. So, the connectivity of such devices should be secured.
CloudSEK's threat research team has uncovered a ransomware attack disrupting India's banking system, targeting banks and payment providers. Initiated through a misconfigured Jenkins server at Brontoo Technology Solutions, the attack is linked to the RansomEXX group.
On 23 October 2023, CloudSEK’s Threat Intelligence Team detected a Ransomware-as-a-Service (RaaS) group, named QBit introducing a newly developed ransomware written in Go, boasting advanced features to optimize its malicious operations.
Our researchers have found out The Amadey botnet is now using a new Healer AV disabler to disable Microsoft Defender and infect target systems with Redline stealer.
Take action now
CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.
Digital Risk Protection platform which gives Initial Attack Vector Protection for employees and customers.
Software and Supply chain Monitoring providing Initial Attack Vector Protection for Software Supply Chain risks.
Creates a blueprint of an organization's external attack surface including the core infrastructure and the software components.
Instant Security Score for any Android Mobile App on your phone. Search for any app to get an instant risk score.
min read
Combating data breaches caused by misconfigured apps
From the outset of the pandemic, we have seen a dramatic increase in the number of cyber-attacks and data breaches. And with much success, threat actors are abusing the fear and panic these adverse conditions are causing. As a result, there has been a precipitous rise in the number of COVID-themed trojans, ransomware attacks, as well as scams, and phishing attacks across organizations and verticals. As more organizations shift to remote work, with inadequate policies and strategies in place, they gamble on their own employee and business data security, and privileged controls. And this has served as a catalyst, for an increased number of data breaches, across the globe.
This article delves into the various ways in which data breaches can occur, and safety practices to ensure that you organization is not impacted by:
Cloud misconfigurations have led to massive data breaches. For example, The “Capital One” and “Imperva” data breaches were caused by the disclosure of AWS API keys.
Fugue’s survey shows that 84% of the 300 IT professionals surveyed believe that they are already victims of undiscovered cloud breaches.
As pointed out by the survey, the most common causes of cloud misconfigurations are:
Although Cloud operations take a considerable load off of developers, and facilitate the smooth management and monitoring of multiple services, enforcing proper access control policies, user management, access key management, API access control becomes essential.
Elasticsearch is a search engine that indexes data in the form of documents. Typically, the size of data that this engine indexes is quite large and the indexed result comprises metadata, personal user information, emails or application logs, and more. The service, by default, runs on TCP port 9200. Moreover, most Elasticsearch instances are self-hosted free versions of the software.
CloudSEK XVigil’s Infrastructure Monitor has detected a significant increase in Elasticsearch instances running on the default port. But it is not rare these days. Recently a UK-based security firm accidentally exposed an Elasticsearch cluster, leaking more than 5 billion documents of breached data between 2012 and 2019.
Organizations deploy various applications for internal use. This includes HR management tools, attendance registration applications, file sharing portals, etc. In the event that the entire workforce shifts to remote work, such as times like now, it becomes difficult to track the access and usage of these applications. To top it off, applications are increasingly allowed traffic from the internet, instead of local office networks. As a result, applications and APIs, which lack authentication or use default credentials, are increasingly surfacing on the internet.
In the past couple of weeks, a number of HR Portals, payroll applications, lead management dashboards, internal REST APIs, and shared FTP servers have surfaced on the internet. Most of the applications are self-hosted, and their default passwords can be used to access them. XVigil has detected multiple instances of directories that contain transaction reports, employee information documents, etc. being served without any authentication.
With a remote workforce communicating primarily via text-based channels such as emails, chats and SMS, it has been much easier for phishing campaigns to take advantage of the distributed workforce. Consequently, the number of spear phishing attacks have surged. Barracuda researchers have observed 3 main types of phishing attacks in the last couple of months:
Individuals fall prey to phishing attacks, especially during the pandemic, due to:
Since emails that use the word COVID have higher click-rates now, scammers are increasingly using them as lures to spread malicious attachments. Once the attachment is downloaded and the malware payload is dropped, threat actors can access keystrokes, files, webcam, or install other malware or ransomware. (Access CloudSEK’s threat intel on COVID-themed scams and attacks)
Today, every remote workforce is connected to their personal devices and networks. So, the connectivity of such devices should be secured.