Deloitte, ranked #1 by Gartner in Security Consulting for the 5th consecutive year according to their website, has been hacked! This is due to a weak administrative password.
According to The Guardian, Deloitte discovered the hack in March this year, but believed the hacker or hackers may have had access to their systems since October or November 2016. The hacker compromised the firm’s global email server through an “administrator’s account” that required only a single password and no multi-factor authentication.
In theory, if you have access to an administrator account, you have access to everything within that network. Wow! How are they able to continue to be number one in Security Consulting in the world? I guess Gartner needs to do a better job choosing the next #1 in Security Consulting for next year. 🙂
From the Deloitte Cyber Risk web page: “We help organizations address information and technology risks, such as cyber security, data leakage, identity and access management, and data security.” They are the ones who needed help making their infrastructure better. They need an auditor.
The Register also published some screenshots of what seemed to be a collection of Deloitte’s corporate VPN passwords, user names and operational details, found in a public-facing GitHub-hosted repository.
Image by TheRegister.co.uk
The most interesting captured image shows Windows Server 2012 R2 with a Windows Update still pending.
— Dan Tentler (@Viss) September 26, 2017
As long as you’re connected to the Internet, your security posture will always be a challenge. You need to accept that security is not a product, it is a PROCESS.
- And Twitter
- Image by pixabay