Cyber Attack on Security Software Company Domain leaks Customer Data

A cyber attack on a Netherlands-based security software company is said to have allowed hackers to take control of its servers and intercept clients' login credentials and confidential data.

The firm in question is Fox-IT, a subsidiary of NCC Group, which suffered a man-in-the-middle attack that lasted 10 hours and 24 minutes on September 19, 2017.
Although the company informed its customers about the hack via email in the same month, it decided to disclose it to the media last week through its official blog post.

The company says that early on Sept 19, an attacker accessed the DNS records for the FOX-IT.com domain at its third-party domain registrar. According to the company's statement, the hacker initially modified a DNS record on one server to point to a server in their possession and managed to divert the traffic to the new domain for a few hours.

Since the attack was aimed at the Fox-IT client portal, the document exchange web application that the company uses for secure exchange of files with customers, partners and suppliers was compromised.

The network admin detected the intrusion only 5 hours into the cyber attack and then reconfigured the DNS server back to the company's settings.

Dutch law enforcement officials were informed about the data breach the next day and a criminal investigation was ordered.

Almost 12 files were transferred from the company server to the hacker's platform. But since the file was protected with 2-factor authentication, the damage is predicted to be minimal.

Note: Fox-IT could have detected the intrusion at an early stage if its network admin had actively monitored publicly available transparency records for recently issued TLS certificates for the company's domain.

But alas, this did not happen and the damage was done.
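
The monitoring described in the note above can be automated. The following is an added example, not code from Fox-IT or from this article: it scans Certificate Transparency records for certificates recently logged for a domain and flags any that the organisation did not request. The records are constructed, the field names are assumed to resemble the JSON returned by public CT search services, and `example.com`, the CA names and the serial numbers are placeholders.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample CT records (assumed field layout, placeholder values).
SAMPLE_CT_ENTRIES = [
    {"serial_number": "0a01", "issuer_name": "C=US, O=Expected CA Inc, CN=Expected CA G2",
     "name_value": "www.example.com\nexample.com", "entry_timestamp": "2023-10-01T08:00:00"},
    {"serial_number": "0b02", "issuer_name": "C=US, O=Other Free CA, CN=Other Free CA X1",
     "name_value": "portal.example.com", "entry_timestamp": "2024-01-10T02:21:00"},
    {"serial_number": "0c03", "issuer_name": "C=US, O=Other Free CA, CN=Other Free CA X1",
     "name_value": "portal.example.com.other.test", "entry_timestamp": "2024-01-10T03:00:00"},
]

EXPECTED_ISSUER_ORGS = {"Expected CA Inc"}  # CAs the organisation actually uses
KNOWN_SERIALS = {"0a01"}                    # certificates it requested itself

def issuer_org(issuer_name):
    """Return the O= component of a comma-separated issuer DN string."""
    for part in issuer_name.split(","):
        key, _, value = part.strip().partition("=")
        if key == "O":
            return value
    return ""

def covers_domain(name_value, domain):
    """True if any listed name is the domain itself or a (wildcard) subdomain."""
    names = [n.strip().lower().rstrip(".") for n in name_value.splitlines()]
    return any(n == domain or n.endswith("." + domain) for n in names)

def unexpected_certificates(entries, domain, now, window=timedelta(hours=24)):
    """List (serial, reasons) for certificates logged inside the window that
    cover the domain but are missing from the inventory or come from an
    issuer the organisation does not use."""
    alerts = []
    for e in entries:
        logged = datetime.fromisoformat(e["entry_timestamp"]).replace(tzinfo=timezone.utc)
        if now - logged > window or not covers_domain(e["name_value"], domain):
            continue
        reasons = []
        if e["serial_number"] not in KNOWN_SERIALS:
            reasons.append("serial not in inventory")
        if issuer_org(e["issuer_name"]) not in EXPECTED_ISSUER_ORGS:
            reasons.append("unexpected issuer")
        if reasons:
            alerts.append((e["serial_number"], reasons))
    return alerts
```

Run on a schedule against fresh CT data, a non-empty result for the portal hostname is the early signal the note refers to.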

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
