Hackers accessed emails and file sharing systems of some customers of cloud provider PCM Inc.
During a May 2019 intrusion, hackers nicked administrative credentials that the cloud vendor uses for managing customer accounts in Microsoft Office 365, and appeared to want to use stolen information to perpetrate gift card fraud in a scheme that resembled a breach at Indian outsourcer Wipro, according to a report by KrebsOnSecurity.
“From its investigation, impact to its systems was limited and the matter has been remediated,” Krebs quoted PCM as saying in a statement. “The incident did not impact all of PCM customers; in fact, investigation has revealed minimal-to-no impact to PCM customers.”
Any customers “potentially impacted” by the intrusion “have been made aware of the incident and PCM worked with them to address any concerns they had,” the company said.
The hack is particularly troubling to security pros because the attackers were able to get the administrative credentials used within Office 365.
Jonathan Oliveira, cyber threat intelligence analyst at Centripetal, questioned “how minimum impact to customers is the case” since PCM used Office 365 to manage client accounts.
“The information a cloud provider has about client networks is critical because this can contain internal network topology, critical systems, client administrators etc.,” Oliveira said, which can set up future attacks.
“The PCM breach not only exposed administrative credentials that manage client accounts within Office 365, but also gave hackers unprecedented access to email and file sharing systems for a number of clients,” said Kevin Gosschalk, CEO, Arkose Labs. “This is especially dangerous because proprietary information left vulnerable on file sharing systems or in company email can also be high-value to intruders - and have severe business consequences if compromised.”
Calling the credential theft “the next level,” Robert Prigge, president of Jumio, said if hackers can access PCM customers’ Office 365 accounts, they can access a trove of personal data and sensitive business documents.
“Think about it — if a hacker has access to your Office 365 account, they can reset your password and lock you out,” said Prigge. “What’s worse, they may use that same email address as their username for other online accounts.”
He explained that if a company has “100 employees, and those employees each have just 10 accounts connected to their Office 365 email addresses, that's 1,000 accounts associated with your company that the hackers can potentially.”
It’s becoming easier for criminals “to target the cloud to utilize stolen passwords, API vulnerabilities or user misconfiguration to take over accounts and access all information like an authorized user, thus bypassing all security controls,” said CipherCloud CEO Pravin Kothari.
“The outsourcing of skills and resources, and the leveraging of third party expertise, has driven global economic growth, but at a hidden cost: increased and unquantifiable cybersecurity risk from third parties,” said Colin Bastable, CEO at Lucy Security, who contended “We are under siege, in an undeclared cyberwar.”