Cybersecurity and IT Firms
There are IT firms across the globe, on every continent. Even in Antarctica there is an IT function for the networks and other technical equipment. Brazil is no different. Tivit is a Brazilian IT services provider. In addition to this line of business, the company also provides other business processes.
Attack
An attack is generally focused on the target's data or money, and this instance was no different. The attack focused on the data of Tivit's clients. Nine Tivit employees fell victim to a phishing email campaign, which exposed the clients' credentials online. Tivit confirmed the successful attack. All it took for the attack to succeed was the nine employees clicking on a link. The attackers were able to gain access to data from 19 other companies. These included the kitchen appliance manufacturer Faber, Swiss insurance company Zurich, Brazilian financial organization Banco Original, software firm SAP, and many more. The attackers were successful enough that they gained access to Tivit's database. Fortunately, the scope of the attack was limited to the nine systems breached. The datacenters and client networks were not affected.
Detection
One would think an IT service provider would have some form of SIEM present and actively managed. The logs would simply be too large for a human to make much sense of them. There should be staff sufficiently supported so that when there is an issue, it can be detected and resolved. Apparently this was not the case. The breach was detected not by Tivit but by DefCON Lab. The signs included that it affected various databases and servers in the cloud. DefCON Lab found nearly one thousand lines of code containing internal company routines and credentials of different large enterprise clients. The data appears to include internal process documents for the organization.
Remediation
Tivit was working through the issue. The organization also contracted with a legal resources and IT support firm to ensure this did not happen again.
Comment
It is interesting that an IT company fell victim to a phishing attack. The number of victims was also notable. This issue continues to emphasize the need for employee training throughout the year, even for IT companies.
Resources
Cyware. (2018, December 17). Massive data breach hits Brazilian IT firm Tivit. Retrieved from https://cyware.com/news/massive-data-breach-hits-brazilian-it-firm-tivit-d47dc056
Mari, A. (2018, December 14). Brazilian IT firm Tivit suffers data breach. Retrieved from https://www.zdnet.com/article/brazilian-it-firm-tivit-suffers-data-leak
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.