Cyber Intelligence Weekly

Cyber Intelligence Weekly (February 26, 2023): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Also, we are always looking for great people to join our team. If you know anyone who fits the profiles for any of our open positions, drop me a line and let me know!

Before we get started on this week’s CIW, I’d like to highlight a great article on practical strategies for security awareness training by our very own Shir Butbul. We see lackluster employee awareness training programs all too often, and our team is very passionate about turning employees into your greatest assets against cyber-attacks. If you’d like to learn more about how we can help you turn your program into something to be proud of, please reach out today!

https://echeloncyber.com/intelligence/entry/practical-strategies-to-level-up-your-organizations-information-security-awareness-and-training-program

Away we go!

1. Atlassian Investigates Breach as Hackers Publish Stolen Data Online

Atlassian, the Australian company currently valued at around $46 billion and maker of popular project management and collaboration software such as Trello, Jira and Confluence, has reportedly been hacked, according to an article by Cyberscoop.


On its Telegram channel and hacking forums, a threat actor named “SiegedSec”, whose members have claimed to be hacktivists, declared that it had "hacked the software company Atlassian." They released 35 MB worth of internal Atlassian data. The data file supposedly has the contact details of 13,000 Atlassian employees, including names, email addresses, and phone numbers, and two image files purportedly carrying floor plans of Atlassian buildings in San Francisco and Sydney.

The data is supposedly from a third-party system run by a company named Envoy. Envoy sells software for workplace management (e.g., visitor management, conference room booking, flexible desk booking, etc.). The system in question does not appear to hold customer data, which is the good news. The Envoy system was apparently accessed by the threat actors using valid credentials of an Atlassian employee that the employee had accidentally posted in a public repository. This just goes to show that not every breach requires sophisticated malware or hacking skills; sometimes a simple employee mistake can cause the greatest impact.

If it seems like Atlassian has been in the news a lot lately, it is because it has been. Atlassian publicly disclosed a major vulnerability in its Confluence Server and Data Center software on June 2, 2022. This vulnerability allowed attackers to run arbitrary code on victims' computers.

2. Pepsi Bottling, Where’s My Data?

Pepsi Bottling Ventures, LLC recently released a consumer notification letter detailing a data breach that occurred in late December last year. According to the letter, Pepsi Bottling Ventures learned of unauthorized activity on its systems as of January 10, 2023. The letter goes on to explain that threat actors accessed systems on or around December 23, 2022, installed malware, and downloaded certain information contained on those systems. They state that the last known date of unauthorized access to systems was January 23, 2023.

Names, addresses, email addresses, financial information, Social Security numbers, license numbers, information from ID cards and passwords, benefits information, health insurance information, medical history, health and health insurance claims, and digital signatures are examples of stolen personal information.


According to the notification letter, a company-wide password reset was required for all employee accounts as part of the effort to contain the situation and enhance security. It is unclear whether ransomware was part of the attack. Oftentimes, organizations that require strict uptime to keep their businesses humming are prime targets for ransomware operators. It strikes me as a little out of the ordinary that personal data was the target of this attack; perhaps more information will be divulged in the coming weeks.

3. Sensitive US Military Emails Exposed on Misconfigured Server

According to a new TechCrunch story, the US Department of Defense (DoD) has shut down an unsecured server that was leaking internal emails from US military systems to anyone who knew where to look. The server, part of a government mailbox system that housed gigabytes of internal military correspondence, was hosted on Microsoft's Azure platform. After being notified by a security researcher, TechCrunch reports that a simple configuration error made it possible for anyone with the server's IP address to access sensitive data with just a web browser and no password.

The exposed server was hosted in Microsoft's Azure government cloud, which uses servers that are physically isolated from those of commercial customers and can therefore be used to share sensitive but unclassified government information. It was a component of an internal mailbox system that held around three terabytes of internal military emails, much of which concerned U.S. Special Operations Command (USSOCOM), the American military organization responsible for carrying out special military operations.


The unprotected server was identified by security researcher Anurag Sen. According to the TechCrunch story, none of the data viewed by the reporters and researchers appeared to be classified, and the data seemed consistent with USSOCOM’s civilian network. A USSOCOM spokesperson told TechCrunch that, “…no one hacked U.S. Special Operations Command’s information systems.”

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO services or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
