All is relatively well here at Woesnotgone Meadow, where everyone has above average bandwidth.
In the Meadow, our travel is somewhat limited. A number of the residents are retired and just enjoy our simple, natural environment. We may take a walk to Margie’s Ice Cream Parlor and talk about the leaves changing color, or take the short drive to Jerry’s Barbershop for the quick haircut, and catch up on the local gossip.
Other times, we just like to watch television. In this part of the state we don’t have the best reception, so most people subscribe to a paid service for their viewing pleasure. In Brazil, people can subscribe to SKY Brasil. Although it is a valued television service, a relatively serious cybersecurity oversight was found at the company.
SKY Brasil is a subscription television service in Brazil. This service is one of the largest in the country. With the issue at hand, Elasticsearch servers were the focal point for the problem. These are used, as the name implies, for powering search functions. For better or worse, this data leak is not the first with this technology.
The term attack is used very loosely in this circumstance. In the traditional sense, this was not truly an attack. A number of records were open to anyone with internet access for over a week. With open access for that long, unauthorized access and exfiltration are expected and likely. This is notable, as anyone who knew where the cache of data was, or could search for it, had full access at their whim. The “attackers” only needed to use a tool, e.g. Shodan, and search for servers running Elasticsearch.
Access to the system required no authentication. The servers were simply not configured to require it, which is surprising on many fronts. The researchers happened to find them by searching for servers named “digital-logs-prd”. An attacker merely needed to issue a simple command and the indices were available; one of these held 429.1GB of data.
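A defender-side check for the failure described above, added here as an example and not taken from the original post: given an inventory of Elasticsearch endpoints you own (the hostname below is a constructed placeholder), it sends one anonymous request to the indices listing and reports any node that answers without asking for credentials.

```python
"""Audit your own Elasticsearch endpoints for anonymous access (added example)."""
import json
import urllib.error
import urllib.request

# With security enabled, Elasticsearch answers this path with 401 to anonymous callers.
INDICES_PATH = "/_cat/indices?format=json"


def classify(status, body):
    """Map an HTTP status and body to a verdict and the index names seen.

    A 200 listing with no credentials means the cluster is open to anyone
    who can reach the port, which is exactly the SKY Brasil situation.
    """
    if status == 200:
        try:
            indices = json.loads(body)
        except ValueError:
            return "unknown", []
        return "EXPOSED", [i.get("index", "?") for i in indices]
    if status in (401, 403):
        return "protected", []
    return "unknown", []


def probe(base_url, timeout=5):
    """Send one anonymous request; returns (status, body) or (None, error text)."""
    req = urllib.request.Request(base_url.rstrip("/") + INDICES_PATH)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, ""
    except (urllib.error.URLError, OSError) as e:
        return None, str(e)


def audit(base_urls):
    """Return {url: (verdict, index_names)} for every endpoint in the inventory."""
    results = {}
    for url in base_urls:
        status, body = probe(url)
        results[url] = classify(status, body) if status else ("unreachable", [])
    return results


if __name__ == "__main__":
    # Constructed inventory entry; this host does not exist.
    for url, (verdict, names) in audit(["http://es-logs.internal.example:9200"]).items():
        print(f"{url}: {verdict} {', '.join(names)}")
```

Any endpoint reported as EXPOSED should be taken off the public interface and have authentication enabled before anything else.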
The affected data covered up to 32M of SKY Brasil’s client base. To the benefit of the attackers, it contained the clients’ PII: full name, email address, service login password, client IP address, payment method, phone number, and street address. All of this would be exceptionally useful to attackers, especially in the short term, for phishing and other attacks. Both consumer and business clients were included.
As if this was not bad enough, this is not the first issue with Elasticsearch. There was also Brazil’s Federation of Industries of the State of Sao Paulo (FIESP) exposing the data of 34.8M users, Fit Metrix exposing 35M records, and a data analytics firm leaking the data of over 57M US clients and 26M companies.
This unfortunate data compromise underscores the need for cyber- and info-sec to be applied actively and continuously, not just when there is an issue.
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.