Cybersecurity and Self-Assessment Tools for Small Businesses

February 26, 2020

Cybersecurity and the Mitsubishi Breach

February 24, 2020

Cybersecurity and Connected Cars

February 21, 2020

Cybersecurity and the Stanford U. Breach

February 17, 2020

Cybersecurity, Photography and the 500px Breach

February 14, 2020

Cybersecurity, Ransomware and Hospitals

February 10, 2020

Cybersecurity and Dating Applications

February 7, 2020

Cybersecurity and Banking

February 3, 2020

Cybersecurity and Credential Stuffing

January 31, 2020

Cybersecurity and Your Finances

January 27, 2020

Please reload

I'm busy working on my blog posts. Watch this space!

Please reload

Gorilla Glue Compromise: Data Not Glued Down

April 23, 2018

|

Charles Parker, II

Gorilla Glue is known for their excellent set of products, and also their commercials. What has not been overly publicized, naturally, is the compromise from last year. The attack was spearheaded by The Dark Overlord. The hackers had previously attacked medical organizations and demanded a significant ransom. The group also attacked West Park Capital, an investment bank.

In this instance the attacker claimed to have over 500GB of data from Gorilla Glue. Included in this mass amount of data was IP, product designs, access to company email accounts, Dropbox, financial spreadsheets, invoices, strategy documents, presentations, contracts with banks, and other confidential documents (Cox, 2016; Bisson, 2016). This was a rather brazen claim. Without some form of authentication, there would be a minimal amount of credibility. To circumvent this issue, The Dark Overlord forwarded 200MB of files to Motherboard (Cox, 2016). These were also forwarded to Gorilla Glue as evidence.

Ransom

As with any attack of this nature, it is presupposed that there would be the threat of releasing the data if a fee is not paid. This was not an exception. As with the two prior victims (a medical group and the investment bank), Gorilla Glue was provided with a “handsome business proposal” (Bisson, 2016). There were two primary options-pay or don’t. The paying has issues of not receiving the data, the data being released later, malware being left on their system, etc. With not paying the immediate threat would have been the release of their data, short-term loss of respect, and damage.

References

Bisson, D. (2016, November 18). Gorilla glue finds itself in sticky situation after hackers steal data.

Retrieved from https://www.grahamcluley.com/gorilla-glue- finds-sticky- situation-hackers- steal-data/

Cox, J. (2016, November 17). Hackers claim theft of data from gorilla glue. Retrieved from

http://motherboard.vice.com/en_au/read/hackers-claim- theft-of- data-from- gorilla-glue

About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.