Last week hackers published data stolen from CommScope through a ransomware attack. Among the stolen data was employee’s Social Security numbers and bank account details.
The North Carolina-based network infrastructure provider was listed on the dark web leak site of the ransomware gang Vice Society. According to multiple reports, on March 27 the company detected unauthorized access to parts of its IT infrastructure through a ransomware attack.
It is unknown how many employees were affected. After the breach was discovered, CommScope launched a forensic investigation and notified law enforcement.
“This would not be the first time Vice Society – a ruthless ransomware group that has gone after schools and hospitals in the past – has come through on its promise to publish stolen data,” Darren Guccione, CEO and Co-Founder at Keeper Security.
In October, Vice Society published student, employee and contractor data stolen from the Los Angeles Unified schools after the district refused to pay the ransom.
“The problem with paying is that cybercriminals are exactly what their name implies,” said Guccione. “They are criminals, and as such, they cannot be trusted. Paying a ransom provides no guarantee a bad actor will decrypt a victim’s files or reinstate access to their systems. Furthermore, there are ample examples of cybercriminals publishing stolen files to the dark web, even after receiving a payment.”
Security leaders weigh in
“While we don’t know yet how Vice Society was able to breach CommScope, more than 80 percent of breaches happen from weak or stolen passwords, credentials and secrets,” Guccione continues. “No matter how a threat actor accesses the network, the next step is make sure they are unable to go any further. Organizations large and small should implement a zero trust architecture with least access privilege to ensure employees only have access to what they need to do their jobs. Companies should also have security event monitoring in place. Access management software can help with privileged account and session management, secrets management and enterprise password management.”
“Unfortunately attackers were able to steal very sensitive data such as social security numbers, bank accounts information, visa and passports,” said Tomer Bar, Director of Security Research at SafeBreach. “Besides the obvious direct sensitivity of this data, this type of information could be used for future attacks against other targets.”
“It is increasingly hard for organizations to determine the veracity of compromised data in relation to extortion incidents,” said Claude Mandy, Chief Evangelist of Data Security at Symmetry Systems. “While it is an increasingly common tactic for ransomware gangs to leak data, as another way to try to extort money from successful compromise of data access — it may not necessarily be from the same event, but increasingly patched together from multiple prior breaches. We hope Commscope will release more detailed analysis released in due course on the technical details of the ransomware and analysis of the veracity data breach before speculating on what occurred. Like a lot of organizations in similar unfortunate positions, Commscope seems to be reliant on a thorough and costly forensic investigation post the breach to determine what information the gang was successful in exfiltrating, leaving impacted customers waiting to hear whether their information was involved.”