Addresses e-mails from 14 customers (from 7 different companies) were leaked in an attack on New Zealand antivirus developer Emsisoft. The leak, noted on February 3, was result of “configuration error” in the company’s test and benchmark systems, informs Christian Mairoll, founder and managing director.
Emsisoft is the seventh information security company to suffer a cyber attack since December 2020. Before it, the FireEye, Microsoft, SonicWall, Malwarebytes, CrowdStrike and Stormshield also reported security incidents in recent months.
According to Emsisoft, no personal information has been stolen, only the address of 14 users, representing 7 customers. “We determined that the information recorded did not contain any personal information, except 14 customer email addresses from 7 different organizations”, Explains Mairoll.
Although this number is small, it means that cybercriminals now know at least who 7 Emsisoft customers are and which professionals are in charge of this relationship between companies. Based on this data, cybercriminals can organize more elaborate and targeted campaigns, with a higher success rate.
“This is an incident that should not have happened and we are sorry that it […] While that number is small, we still believe that informing all of our customers about the incident is the right thing to do, [explicar] how exactly it happened and what we plan to do to prevent similar incidents in the future, ”writes Mairoll.
As the director explains, at least one cybercriminals accessed the server in question, which is exclusively used for storing technical records, such as logs and update protocols of Emsisoft antivirus. Thus, does not store user data.
“Unfortunately, due to a configuration error, one of the databases was accessible to unauthorized third parties from the 18th of January 2021 until the 3rd of February 2021 [quando foi identificado a falha]. We have reason to believe that at least one individual has accessed some or all of the data contained in that database, ”he writes.
The compromised server was shut down immediately after the failure was discovered and an internal investigation was established. The very next day, the investigation identified it as an automated attack. That is, it was not specifically directed to Emsisoft.
The company reports that, to avoid future incidents like this, will do tests in isolated environments, without internet access and only with artificially generated data, in addition to implementing alternative security measures in case the current defense infrastructure fails.
“We understand the importance of our role as guardians of your information and online security and will continue to work every day to regain your trust […] We would like to offer our sincere apologies, ”concludes Mairoll.
See the original post at: https://thehack.com.br/emsisoft-e-a-setima-empresa-de-seguranca-a-sofrer-um-ataque-cibernetico-desde-dezembro/?rand=48873