Incident response (sometimes called cybersecurity incident response) is an organization's set of systems and procedures for detecting and responding to cyberthreats, security breaches, and cyberattacks. The goal of incident response is to detect and contain an attack before it causes serious harm, and to minimize the cost and business disruption caused by any attack that does occur.
An enterprise should implement a formal incident response plan (IRP) that defines how the various types of cyberattack are to be identified, contained, and resolved. An effective incident response plan lets security teams identify and eliminate threats faster, minimizing the associated costs from lost revenue, regulatory fines, and downtime.
Recently, a well-known cybersecurity company, CloudSEK, was hacked, and the attacker also stole data from the company.
A CloudSEK employee's Jira password was compromised and used to gain access to the company's internal Confluence pages. The attacker obtained internal details such as screenshots, bug reports, customer names, and schema diagrams, according to the company's CEO, Rahul Sasi.
He also said that the suspect behind the attack is a notorious cybersecurity company involved in dark web monitoring, and that the attack and its indicators connect back to an attacker with a notorious history of using similar tactics observed in the past.
A threat actor using the handle 'sedut' joined multiple cybercrime forums on 5th and 6th December, claiming to have access to CloudSEK's networks, which allegedly led to the compromise of XVigil, the codebase, email, JIRA, and social media accounts. The attacker had zero reputation on the dark web and created the dark web market account specifically to post CloudSEK-related information.
Here are the screenshots of the dark web page.
Here is a screenshot of the conversation between the buyer and the hacker who posted the advertisement.
The company has also publicly admitted the loss of valuable information: customer names, customer purchase orders (POs) for three companies, multiple screenshots of product dashboards, and the source code of an automation system.
Here is a screenshot of the lost data:
Also, here is a screenshot of the in-house discussion in the company's dashboard:
When a major organization suffers a security breach, it always makes the headlines. But when a cybersecurity company is breached, it creates panic.
Here are some past data breaches of security companies, similar to the CloudSEK incident:
The Romanian cybersecurity firm Bitdefender was targeted by a hacker who possibly compromised 400 million customer accounts. The company refused to pay the ransom, and the hacker, DetoxRansome, leaked details of several customers online.
In January 2016, Cyberoam revealed that the firm had been hit at the end of 2015 by a hack that may have resulted in the leakage of a database containing customer and partner personal details.
There are a number of types of security breach, depending on how access to the system was gained.
Different techniques are used to gain access to networks; as with Yahoo, a phishing attack was used in Facebook's intrusion.
Remember that a security breach of one account can mean that other accounts are also at risk, especially if they share passwords or if you regularly make transactions between them.
Although no one is immune to a data breach, good security habits can make you less vulnerable and help you survive a breach with less disruption. These tips should help you prevent hackers from breaching your personal security on your computers and other devices.
From detection to prevention, Terraeagle’s approach is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches.
Terraeagle uniquely enables and delivers these elements via a cloud-native architecture to meet the speed, flexibility, and capacity required to fend off modern attackers and stop cloud breaches. It delivers a single lightweight agent for prevention, detection, threat hunting, response, remediation, and cloud security posture management and hygiene. The option to be fully managed 24/7 by Terraeagle security experts is also available.
Terraeagle’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network.