Cybersecurity and Backend Servers
Cybersecurity is a hot commodity in the last few years. There seems to be new firms popping up everywhere, all claiming to use the newest tools and a few even claim to have AI built in! While these claims may be mostly generated by the marketing department and the AI is really ML with a nuance, there are a few legitimate firms. One of the newer firms is Data Viper, based in St. Louis, MO. This firm was founded by Vinny Troia, a cybersecurity subject matter expert. Data Viper notes it is an intelligence platform engineered to provide their clients with the largest collection of private information, hacking channels, and exposed databases online. While other firms do this, the nuance to differentiate Data Viper from the others s they provide their clients access to private and undisclosed data. As part of their business model, Data Viper collects exposed information on greater than 8k data breach incidents, including approximately 15B usernames, passwords, and other data. The firm has posed as a buyer or seller of stolen data on the dark web to expand their database
.
Attack
The firm was successfully attacked, with the focus being the firm’s backend servers.
This has been evidenced by the bad actors leaking the database online which was exfiltrated. The attacker not only leaked this, but is also selling the database on the dark web. As part of this, the firm collected data from thousands of security incidents. There may also be information on companies who do no know they had been breached. Within the database being sold is hundreds of GB of data. This includes data from approximately 8,225 databases. These are comprised the information for billions of users from other company’s prior breaches. A portion of this data is from prior breaches, however, what makes this more pertinent is there is other data from companies who have not reported their incidents, indicating they may not know they had been breached.
It is not known how the attackers were able to gain access, or better yet able to stay on the Data Viper network for months to extract all of this data..un-noticed. The attacker is rather unapologetic as it relates to their activities. The attacker’s marketing campaign for this includes posting these for sale in multiple forums, and selling up to 50 of the largest databases on the Empire dark web.
Troia did mention that this was not a case of credential stuffing, but one of the developers accidentally exposing the repository access credentials. Of the options, having an employee make this level of negligence speaks volumes.
Resources
Cimpanu, C. (2020, July 13). Hacker breaches security firm in act of revenge. Retrieved from https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/
Eyerys. (2020, July 15). Leaked databases gathered by cybersecurity company has been stolen by a hacker. Retrieved from https://www.eyerys.com/articles/timeline/leaked-databases-gathered-cybersecurity-company-has-been-stolen-hacker#event-a-href-articles-timeline-deepfake-one-most-serious-ai-crime-threats-researchers-saiddeepfake-one-of-the-most-serious-ai-crime-threats-researchers-said-a
Krebs, B. (2020, July 20). Breached data indexer ‘data viper’ hacked. Retrieved from https://krebsonsecurity.com/2020/07/breached-data-indexer-data-viper-hacked/
Sandle, T. (2020, August 9). Hacker extracts thousands of databases from cybersecurity firm. Retrieved from http://www.digitaljournal.com/tech-and-science/technology/hacker-extracts-thousands-of-databases-from-cybersecurity-firm/article/575794
Securitynewspaper.com. (2020, July 14). How a hacker revenged a cyber security company by hacking and leaking all its data. Retrieved from https://laptrinhx.com/how-a-hacker-revenged-a-cyber-security-company-by-hacking-and-leaking-all-its-data-3738611886/