Incident Of The Week: Cloud Security Breach Of PCM Inc.
Attackers stole administrative credentials to Microsoft Office 365
PCM has approximately 4,000 employees, more than 2,000 customers and made about $2.2 billion in revenue in 2018. The sizeable U.S.-based cloud solution provider discovered a digital intrusion in mid-May 2019, where attackers gained access to Microsoft Office 365. This means the hackers had administrative credentials that PCM uses to manage client accounts in the cloud including access to email and file sharing systems.
In April, KrebsOnSecurity broke the news that the Wipro intruders appeared to be after anything they could quickly turn into cash, and used their access to harvest gift card information from a number of the company’s customers. While the motivation of the PCM attacks seems similar in nature to the Wipro attack, it has not yet been confirmed if the two breaches are linked.
See Related: “Inside The Phishy Wipro Breach”
PCM has not yet responded to requests for comment, but in a statement shared with KrebsOnSecurity, PCM said the company “recently experienced a cyber incident that impacted certain of its systems.”
“From its investigation, impact to its systems was limited and the matter has been remediated,” the statement reads. “The incident did not impact all of PCM customers; in fact, investigation has revealed minimal-to-no impact to PCM customers. To the extent any PCM customers were potentially impacted by the incident, those PCM customers have been made aware of the incident and PCM worked with them to address any concerns they had.”
On June 24, PCM announced it was in the process of being acquired by global IT provider Insight Enterprises. Insight has also not yet responded to requests for comment.
Cloud Tops List Of Most Worrisome Threats
In a recent Cyber Security Hub survey, 85.51% of respondents said that cloud will pose more of a threat for the rest of 2019. As such, there seem to be two points of view on cloud security. The first is ‘cloud is not safe,’ taken verbatim from the open-ended question at the end of our survey. Another response referenced the First American Financial Corp. title breach (May 2019), attributing it to a ‘misconfigured server security (TBD).’ The respondent added that it was ‘possibly a cloud security configuration issue due to lack of expertise or process.’
This segues into the second point of view on cloud security, which is perhaps summed up best by Randall “Fritz” Frietzsche, CISO and Privacy Officer for Denver Health who says, “There is no cloud … there’s only someone else’s computer.”
In other words, when you’re talking about cyber security, whether it’s on a network or in the cloud, you still need to start with the basics. You still have to look at risk assessments and vulnerabilities; the difference is in the structure. The infrastructure of cloud security may look different from traditional network security, but the strategy still begins with the CISO and security teams, and has to extend to wherever the data sits in the cloud. Due diligence on shared compliance responsibilities and on how to assess risk, backed by a solid and clear contract with the third party, is essential to protecting the enterprise (no matter the endpoint).
According to Doug Cahill, Group Director and Senior Analyst for ESG, awareness of this (among the other threats he lists) is key: “Employees need to be regularly reminded about the appropriate and vigilant use of email, the web, and cloud apps and how they relate to spear phishing attacks, bogus impersonation emails or data loss.”
Read Last Week’s Incident: “Oregon DHS Target Of Phishing Attack”