[BreachExchange] Cloud provider PCM hacked, customer info likely stolen for gift card scam

Destry Winant destry at riskbasedsecurity.com
Fri Jun 28 10:36:21 EDT 2019


https://www.scmagazine.com/home/security-news/cloud-security/cloud-provider-pcm-hacked-customer-info-likely-stolen-for-gift-card-scam/

Hackers accessed emails and file sharing systems of some customers of
cloud provider PCM Inc.

During a May 2019 intrusion, hackers nicked administrative credentials
that the cloud vendor uses for managing customer accounts in Microsoft
Office365 and appeared to want to use stolen information to perpetrate
gift card fraud in a scheme that resembled a breach at Indian
outsourcer Wipro, according to a report by KrebsOnSecurity.

“From its investigation, impact to its systems was limited and the
matter has been remediated,” Krebs quoted PCM as saying in a
statement. “The incident did not impact all of PCM customers; in fact,
investigation has revealed minimal-to-no impact to PCM customers.”

Any customers “potentially impacted” by the intrusion “have been made
aware of the incident and PCM worked with them to address any concerns
they had,” the company said.

The hack is particularly troubling to security pros because the
attackers were able to get the administrative credentials used within
Office365.

Jonathan Oliveira, cyber threat intelligence analyst at Centripetal,
questioned “how minimum impact to customers is the case” since PCM
used Office 365 to manage client accounts.

“The information a cloud provider has about client networks is
critical because this can contain internal network topology, critical
systems, client administrators etc.,” Oliveira said, which can set up
future attacks.

“The PCM breach not only exposed administrative credentials that
manage client accounts within Office 365, but also gave hackers
unprecedented access to email and file sharing systems for a number of
clients,” said Kevin Gosschalk, CEO, Arkose Labs. “This is especially
dangerous because proprietary information left vulnerable on file
sharing systems or in company email can also be high-value to
intruders – and have severe business consequences if compromised.”

Calling the credential theft “the next level,” Robert Prigge,
president of Jumio, said if hackers can access PCM customers’ Office
365 accounts, they can access a trove of personal data and sensitive
business documents.

“Think about it — if a hacker has access to your Office 365 account,
they can reset your password and lock you out,” said Prigge. “What’s
worse, they may use that same email address as their username for
other online accounts.”

He explained that if a company has “100 employees, and those employees
each have just 10 accounts connected to their Office 365 email
addresses, that’s 1,000 accounts associated with your company that the
hackers can potentially.”

It’s becoming easier for criminals “to target the cloud to utilize
stolen passwords, API vulnerabilities or user misconfiguration to take
over accounts and access all information like an authorized user, thus
bypassing all security controls,” said CipherCloud CEO Pravin Kothari.

“The outsourcing of skills and resources, and the leveraging of third
party expertise, has driven global economic growth, but at a hidden
cost: increased and unquantifiable cybersecurity risk from third
parties,” said Colin Bastable, CEO at Lucy Security, who contended “We
are under siege, in an undeclared cyberwar.”

