Bad actors are targeting third-parties. Are you protected?

April 12, 2018//Ellen Neveux

Last Updated: November 18, 2020

In the wake of recent breaches, it’s clear that weak security practices between enterprises and their technology providers continue to be at the heart of compromised data.

It’s important to explore these incidents to understand the role of remote access and how third parties have become a target for bad actors.

Vendors are being targeted.

Earlier this month, Delta Air Lines and Sears Holding Corp. disclosed a late 2017 data breach that compromised payment card details of hundreds of thousands of their customers.

Hackers targeted an online chat service provider, [24]7, that the two companies both used. A malware attack allowed unauthorized access to payment card numbers, CVV numbers, and expiration dates, in addition to customers’ names and addresses.

While [24]7 has stated the breach is now contained, the vendor’s reputation and security practices are being reviewed. This incident showcases the growing interest of hackers in enterprise technology providers with access to valuable consumer data.

Remote access security and third-party vendors

Two recent cyber stories offer a telling look at the current state of remote access data hacks.

The alleged kingpin of the Carbanak gang was recently arrested by Spanish National Police. The hacker is thought to be the leader of a sophisticated and notorious cybercrime group that has netted an estimated $1 billion in recent years from more than 100 financial institutions and other industries.

The Carbanak group, also known as Anunak, initially targeted global banking enterprises.  Carbanak developed strong and pervasive social engineering tactics to steal from banks in more than 40 countries, including Germany, China, and the US.

Professional, cautious, and thorough, members of this skilled hacking group used remote access of targets, and then created backdoors, to enable them to return to a previously infected system.

After its successes in banking in 2016, the Carbanak group began to focus on point-of-sale (POS) systems used by the hospitality industry. By infecting POS devices, the Carbanak group established a man-in-the-middle scenario that allowed them to scrape credit card and other information from consumers and agents in hotels, gift shops, and restaurants.

Arrested in Alicante, Spain, the man known as “Denis K.” is thought to be a Ukrainian national. The arrest marks a measure of justice in the vaporous, elusive criminal sphere of cybercrime. While other members of the gang may remain at large, the criminal group as a viable entity may be halted—or at least slowed down.

Although the arrest may put the Carbanak group to rest, the apparent remote breach of services of the city of Atlanta may bedevil the city for some time to come.

Atlanta under siege

On March 22, 2018, city employees arrived at work to find digital files locked up and under the control of SamSam, a cyber-extortion group that infiltrates networks, installs ransomware, and demands payment in exchange for not destroying the data. In this case, the hackers demanded approximately $51,000.

In a news conference, Atlanta Mayor Keisha Bottoms stated, “We are dealing with a (digital) hostage situation.” She also noted that it appeared the hacking group breached the network through remote access.

More than a week later, city systems had been partially restored and it was not clear whether the city paid the ransom or heeded the advice of the Federal Bureau of Investigation (FBI) not to pay. When a network is held ransom, payment can mean the return of files, the return of corrupt files, or files that have been wiped clean out of malice.

Strong, secure remote access and cyber best practices are the smartest game book for defending government and enterprise against attacks made possible by the weak security of remote third party vendors. Whether yours is a financial, healthcare, retail, or other regulated business, loss of data can be crippling, and in some cases, even life-threatening.

Current cybercrime threats are a mix of old methods and new practices. Stay safe by using a secure third-party remote access platform to protect your business and services.

About SecureLink 

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.

close close