Security leaders weigh in on CommScope breach

Image via Pixabay

Last week hackers published data stolen from CommScope through a ransomware attack. Among the stolen data was employee’s Social Security numbers and bank account details.

The North Carolina-based network infrastructure provider was listed on the dark web leak site of the ransomware gang Vice Society. According to multiple reports, on March 27 the company detected unauthorized access to parts of its IT infrastructure through a ransomware attack.

It is unknown how many employees were affected. After the breach was discovered, CommScope launched a forensic investigation and notified law enforcement.

“This would not be the first time Vice Society – a ruthless ransomware group that has gone after schools and hospitals in the past – has come through on its promise to publish stolen data,” Darren Guccione, CEO and Co-Founder at Keeper Security.

In October, Vice Society published student, employee and contractor data stolen from the Los Angeles Unified schools after the district refused to pay the ransom.

“The problem with paying is that cybercriminals are exactly what their name implies,” said Guccione. “They are criminals, and as such, they cannot be trusted. Paying a ransom provides no guarantee a bad actor will decrypt a victim’s files or reinstate access to their systems. Furthermore, there are ample examples of cybercriminals publishing stolen files to the dark web, even after receiving a payment.”

Security leaders weigh in

“While we don’t know yet how Vice Society was able to breach CommScope, more than 80 percent of breaches happen from weak or stolen passwords, credentials and secrets,” Guccione continues. “No matter how a threat actor accesses the network, the next step is make sure they are unable to go any further. Organizations large and small should implement a zero trust architecture with least access privilege to ensure employees only have access to what they need to do their jobs. Companies should also have security event monitoring in place. Access management software can help with privileged account and session management, secrets management and enterprise password management.”

“Unfortunately attackers were able to steal very sensitive data such as social security numbers, bank accounts information, visa and passports,” said Tomer Bar, Director of Security Research at SafeBreach. “Besides the obvious direct sensitivity of this data, this type of information could be used for future attacks against other targets.”

“It is increasingly hard for organizations to determine the veracity of compromised data in relation to extortion incidents,” said Claude Mandy, Chief Evangelist of Data Security at Symmetry Systems. “While it is an increasingly common tactic for ransomware gangs to leak data, as another way to try to extort money from successful compromise of data access — it may not necessarily be from the same event, but increasingly patched together from multiple prior breaches. We hope Commscope will release more detailed analysis released in due course on the technical details of the ransomware and analysis of the veracity data breach before speculating on what occurred. Like a lot of organizations in similar unfortunate positions, Commscope seems to be reliant on a thorough and costly forensic investigation post the breach to determine what information the gang was successful in exfiltrating, leaving impacted customers waiting to hear whether their information was involved.”

Rachelle Blair-Frasier is Security magazine’s Managing Editor. Blair-Frasier handles eMagazine features, as well as writes and publishes online news and web exclusives on topics including physical security, risk management, cybersecurity and emerging industry trends. She helps coordinate multimedia content and manages Security magazine's social media presence, in addition to working with security leaders to publish industry insights. Blair-Frasier brings more than 15 years of journalism and B2B writing and editorial experience to the role.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.