🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
Read More
Protect your sensitive information from unauthorized access and data breaches with CloudSEK XVigil Credential Breaches module, ensuring the security of your valuable data
Schedule a Demo
70% of successful breaches are perpetrated by external actors whose attacks originate on the internet. Since these actors don’t have access to your organization’s internal assets or networks, they rely on data available on the internet. With 8.5 billion records compromised, in 2019 alone, adversaries can find an employee’s credentials, or your organization’s API keys, within a few hours. Allowing them to infiltrate your organization, spread malware and ransomware, or steal intellectual property and sensitive documents.Â
Apart from the direct operational impacts, cyber-attacks affect an organization’s hard-earned reputation and revenue as well. Snapchat shares dropped by 3.4% the day after their source code leak was made public. And in addition to the immediate backlash, companies that have experienced a breach, underperform the market by > 15%, even 3 years later.Â
Considering the stakes, it is important to take a closer look at the types of leaked data that threat actors seek out, and ways to effectively prevent them from getting their hands on it.Â
In almost all cyber-attacks affecting an organisation, credentials are involved either as a target of theft or as a means to furthering access in a network. This includes email credentials and hardcoded access credentials that can be used to access confidential emails, systems, and documents.Â
In one of the first major breaches, threats actors uploaded BlackPOS to Target’s point-of-sale (PoS) network, allowing them to steal customers’ credit card information and other personal details. It was later found that threat actors were able to compromise Target servers using credentials stolen from Fazio Mechanical Services. Fazio, Target’s HVAC vendor, had access to Target servers. And since the network was not properly segmented, threat actors were able to compromise Target’s PoS network.
While source code can be exposed on purpose, by malicious insiders, most often it is exposed by developers being careless while pushing code from their machines to GitHub. Leaked source code could potentially expose SSH keys – digital certificates that unlock online resources, Application Programming Interface (API) keys, and other sensitive tokens. Using the source code, threat actors can find vulnerabilities that can be exploited, to launch cyber-attacks on the company.
After discovering one of Daimler AG’s Git web portals, a researcher registered an account on Daimler’s code-hosting portal and downloaded 580 Git repositories from the company’s server. The repositories contained the source code of onboard logic units (OLUs) used in Mercedes vans, which provide live vehicle data. The researcher then uploaded the files to file-hosting service MEGA, the Internet Archive, and on his own GitLab server, thus making it public.Â
Sensitive data such as credit card details, healthcare information, customer PII, etc. often end up on the dark web after being exposed on unsecured databases or cloud storage. This information could be used to launch phishing attacks. It could also lead to your intellectual property being exposed to the public.Â
Mexico based digital media company Cultura Colectiva exposed 146 GB of Facebook user data, including comments, likes, account names, reactions, and Facebook IDs, on an unsecured Amazon S3 bucket. Another S3 bucket, belonging to Facebook integrated app At The Pool, exposed 22,000 Facebook users’ friend lists, interests, photos, group memberships, and check-ins.
As seen from the above examples, despite their best efforts, Target, Mercedes, and Facebook were not able to prevent their data from leaking. This can be attributed to the highly distributed, interconnected, and globalized nature of modern businesses. This means, there aren’t enough resources to monitor every employee, vendor, and vendor’s vendor. But the good news is, if you can detect data leaks in time, and have them taken down, their impact will be greatly reduced.Â
Usually, a data breach lifecycle is 279 days, 206 days to identify a breach, and 73 days to contain it. Instead of 206 days, if a data leak can be identified within a few hours, its presence across the surface web and dark web can be contained. However, this cannot be done manually. The only way to effectively identify and curb data leaks is to adopt AI-driven real-time monitoring. Â
Incorporate processes and tools that ensure data leaks related to your organization are monitored continuously. This includes real-time monitoring of the surface web, deep web, and dark web, for credentials, source code, and sensitive information. Deploy a comprehensive threat monitoring tool such as CloudSEK’s XVigil, whose AI-driven engine scours the internet for threats and data leaks related to your organization, prioritizes them by severity, and provides real-time alerts. Thus, giving you enough time to neutralize the data leaks before it can have adverse impacts on your business.
CloudSEK's threat research team has uncovered a ransomware attack disrupting India's banking system, targeting banks and payment providers. Initiated through a misconfigured Jenkins server at Brontoo Technology Solutions, the attack is linked to the RansomEXX group.
On 23 October 2023, CloudSEK’s Threat Intelligence Team detected a Ransomware-as-a-Service (RaaS) group, named QBit introducing a newly developed ransomware written in Go, boasting advanced features to optimize its malicious operations.
Our researchers have found out The Amadey botnet is now using a new Healer AV disabler to disable Microsoft Defender and infect target systems with Redline stealer.
Take action now
CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.
Digital Risk Protection platform which gives Initial Attack Vector Protection for employees and customers.
Software and Supply chain Monitoring providing Initial Attack Vector Protection for Software Supply Chain risks.
Creates a blueprint of an organization's external attack surface including the core infrastructure and the software components.
Instant Security Score for any Android Mobile App on your phone. Search for any app to get an instant risk score.
min read
Want to deter threat actors? Start by nullifying your data leaks.
70% of successful breaches are perpetrated by external actors whose attacks originate on the internet. Since these actors don’t have access to your organization’s internal assets or networks, they rely on data available on the internet. With 8.5 billion records compromised, in 2019 alone, adversaries can find an employee’s credentials, or your organization’s API keys, within a few hours. Allowing them to infiltrate your organization, spread malware and ransomware, or steal intellectual property and sensitive documents.Â
Apart from the direct operational impacts, cyber-attacks affect an organization’s hard-earned reputation and revenue as well. Snapchat shares dropped by 3.4% the day after their source code leak was made public. And in addition to the immediate backlash, companies that have experienced a breach, underperform the market by > 15%, even 3 years later.Â
Considering the stakes, it is important to take a closer look at the types of leaked data that threat actors seek out, and ways to effectively prevent them from getting their hands on it.Â
In almost all cyber-attacks affecting an organisation, credentials are involved either as a target of theft or as a means to furthering access in a network. This includes email credentials and hardcoded access credentials that can be used to access confidential emails, systems, and documents.Â
In one of the first major breaches, threats actors uploaded BlackPOS to Target’s point-of-sale (PoS) network, allowing them to steal customers’ credit card information and other personal details. It was later found that threat actors were able to compromise Target servers using credentials stolen from Fazio Mechanical Services. Fazio, Target’s HVAC vendor, had access to Target servers. And since the network was not properly segmented, threat actors were able to compromise Target’s PoS network.
While source code can be exposed on purpose, by malicious insiders, most often it is exposed by developers being careless while pushing code from their machines to GitHub. Leaked source code could potentially expose SSH keys – digital certificates that unlock online resources, Application Programming Interface (API) keys, and other sensitive tokens. Using the source code, threat actors can find vulnerabilities that can be exploited, to launch cyber-attacks on the company.
After discovering one of Daimler AG’s Git web portals, a researcher registered an account on Daimler’s code-hosting portal and downloaded 580 Git repositories from the company’s server. The repositories contained the source code of onboard logic units (OLUs) used in Mercedes vans, which provide live vehicle data. The researcher then uploaded the files to file-hosting service MEGA, the Internet Archive, and on his own GitLab server, thus making it public.Â
Sensitive data such as credit card details, healthcare information, customer PII, etc. often end up on the dark web after being exposed on unsecured databases or cloud storage. This information could be used to launch phishing attacks. It could also lead to your intellectual property being exposed to the public.Â
Mexico based digital media company Cultura Colectiva exposed 146 GB of Facebook user data, including comments, likes, account names, reactions, and Facebook IDs, on an unsecured Amazon S3 bucket. Another S3 bucket, belonging to Facebook integrated app At The Pool, exposed 22,000 Facebook users’ friend lists, interests, photos, group memberships, and check-ins.
As seen from the above examples, despite their best efforts, Target, Mercedes, and Facebook were not able to prevent their data from leaking. This can be attributed to the highly distributed, interconnected, and globalized nature of modern businesses. This means, there aren’t enough resources to monitor every employee, vendor, and vendor’s vendor. But the good news is, if you can detect data leaks in time, and have them taken down, their impact will be greatly reduced.Â
Usually, a data breach lifecycle is 279 days, 206 days to identify a breach, and 73 days to contain it. Instead of 206 days, if a data leak can be identified within a few hours, its presence across the surface web and dark web can be contained. However, this cannot be done manually. The only way to effectively identify and curb data leaks is to adopt AI-driven real-time monitoring. Â
Incorporate processes and tools that ensure data leaks related to your organization are monitored continuously. This includes real-time monitoring of the surface web, deep web, and dark web, for credentials, source code, and sensitive information. Deploy a comprehensive threat monitoring tool such as CloudSEK’s XVigil, whose AI-driven engine scours the internet for threats and data leaks related to your organization, prioritizes them by severity, and provides real-time alerts. Thus, giving you enough time to neutralize the data leaks before it can have adverse impacts on your business.