November 4, 2013
"TRUST US; YOUR DATA IS SECURE" states the Data Security page on CorporateCarOnline's website, but that didn't stop the cyber gang responsible for the LexisNexis, Adobe, PR Newswire and many other breaches.
On September 28, Hold Security Deep Web Monitoring identified a database with nearly 10 million records on the same server where Adobe and PR Newswire data was found. It was identified to belong to CorporateCarOnline, who later confirmed the ownership.
CorporateCarOnline is an online software provider for limousine transportation reservation solutions.
Journalist Brian Krebs reports in-depth on the incident - a tragic loss of financial and personal data of hundreds of thousands of customers.
The breach most likely occurred on or before September 10, 2013, and there is strong evidence that it was carried out through an Adobe ColdFusion exploit.
This compromise affects many but it is also an attack against small businesses everywhere. Keeping your online business secure takes more than an assuring statement. Hold Security's Security Architecture and Security Assessment services for small businesses (and for businesses of all sizes) provide surprisingly affordable solutions of the highest quality and effectiveness. We make operating an online business security headache-free.
Hold Security apprised Visa, Mastercard, Discover, and American Express of the breach, and each of these companies is taking steps to protect the victims.
October 16, 2013
The same group of cyber criminals responsible for the LexisNexis, NW3C, and Adobe breaches had also stolen data belonging to PR Newswire. Partial website source code and configuration data, along with a database of PR Newswire customers, was found on the same server where Adobe Systems' source code was located.
Cleverly disguised as an image, an archive of PR Newswire data was found on the hackers' repository server. The database appears to date from March 8, 2013, but it is not yet clear whether the breach happened at that time or later, as the archive was created on April 22, 2013.
While we are presently unaware of any abuse of the stolen data, this breach raises a number of questions about the intentions of the hackers. Given the financial motivation of this group of hackers, PR Newswire is an unlikely target and may have been a target of opportunity.
On the other hand, considering the criticality of major announcements made through PR Newswire, it is possible that savvy malicious individuals might use unannounced press releases, or even manipulate major announcements, to gain a competitive financial edge on the stock market.
Hold Security worked with journalist Brian Krebs who contacted PR Newswire to alert them of the breach.
October 17, 2013
Hold Security's Deep Web Monitoring confirms today that PR Newswire was not a random target for the hackers. There is evidence, dated February 13, 2013, of a large-scale attack targeting multiple PR Newswire networks, hitting over 2,000 IP addresses using ColdFusion exploits. The attack was sourced from a different server also used by the same group of hackers. If this attack resulted in a breach, it is possible that the hackers had access to PR Newswire's infrastructure longer than previously thought.
October 3, 2013
Hold Security's newly announced Deep Web Monitoring Program, working with journalist Brian Krebs, informed Adobe Systems Incorporated that source code for their flagship products had been found on servers of known hackers responsible for breaches of LexisNexis, Kroll, NW3C, and many other sites.
Over 40 Gigabytes of encrypted archives have been discovered on a hackers' server that appear to contain source code of such products as Adobe Acrobat Reader, Adobe Acrobat Publisher, and the Adobe ColdFusion line of products. It appears that the breach of Adobe's data occurred in early August of this year, but it is possible that the breach was ongoing earlier. While it is unclear at this time how the hackers obtained the source code and whether they analyzed or used it for malicious purposes, it appears that the data was taken and viewed by unauthorized individuals.
This breach poses a serious concern to countless businesses and individuals. Adobe products are installed on most end-user devices and used on many corporate and government servers around the world. While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities could be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for a new generation of viruses, malware, and exploits.
About Hold Security
Hold Security's Incident Response and Investigation Practice has worked on numerous breaches where clues and extrapolations of vital data about the perpetrators, information about the breach, and even the stolen data itself have been found in the "dark corners of the Internet". Through our numerous resources, we continuously monitor underground forum communications, chat channels, and data exchanges between the most notorious cyber criminals. This "Deep Web Monitoring" service has been very successfully utilized by our existing customers as an extra value.
Today, with the news of Data Broker Giants Hacked by ID Theft Service and Hold Security investigators’ contributions to the story, we are proud to announce the first public offering of our Deep Web Monitoring services to select customers.
Here are some statistical facts about the Deep Web Data gathered just in the past few months:
Approximately 70 million e-mail addresses stolen by spammers, hackers, and botnets, most of them accompanied by passwords
30,000 compromised systems from around the world
200,000 stolen financial accounts
Hundreds of zero-day exploits and malware
Dozens of botnet controllers
Over 4,000 cyber-criminals’ dossiers updated
We can help you to find out who is targeting or exploiting data of your company, your employees, or your customers! We can help you identify many zero-day threats before they do any damage!