Trainee responsible for biggest leak in Apple’s history

Apple suffers major info breach, as data of 800 000 Swiss citizens is exposed.

In early February 2018, an unknown person posted on GitHub the source code of iBoot, the code responsible for the iOS trusted boot process. The leak is the largest in the history of the company and makes it easier for attackers to hack the operating system of Apple devices.

Further investigation revealed a trainee was involved in the info leakage: his friends, who are experts in jail-breaking, asked him to steal a part of the code. All of the five friends had access to the hacked information. They weren’t planning on distributing the code or using it against Apple.

However, the situation quickly got out of control: one of the friends shared the info with another person who later published the stolen part of the code. At the request of the company, the publication was removed from GitHub, but that did not prevent the code from being spread across the Web.

The iBoot source code is the company's most valuable code and is carefully protected. The company will pay $200 000 for flaws and errors found in the system boot process. This is the largest reward that can be granted under the Apple vulnerability search program.

“Besides employees, their friends might get access to protected information. The consequences of the info breach are financially disastrous. According to the Cost of Data Breach Study published by IBM, together with the Ponemon Institute, the loss of customers makes an average American company pay $4.13 million. Another 1.5-million-dollar sum is spent on investigation, rehabilitation and litigation,” commented Alexei Parfentiev, SearchInform analyst.

Personal data of 12 thousand bloggers uploaded to Amazon Web Services S3 cloud storage disclosed

Data in the cloud belonging to marketing firm Octoly was exposed in early January 2018. Included in the files was a backup copy of the database with information about marketing operations in Europe and North America.

The erroneous configuration of the cloud storage appeared to be the cause of the incident. As a result, the personal data of 12,000 bloggers promoting the products of such brands as Dior, Estée Lauder, Lancôme and Blizzard Entertainment was exposed. In addition to the bloggers’ personal data, client company information and commercial secrets were compromised.

While the backup copy was deleted a week after the discovery, regularly updated personal data remained accessible until 1 February 2018. UpGuard experts say that, on the cybersecurity risk score scale, the Octoly data leak scored 760 out of a maximum of 950 points.

“The problem is that this type of leakage is difficult to detect. It may take months before the company learns about the loss of information. An error in the cloud storage settings is just one of many risks that threaten corporate information,” emphasises Alexei Parfentiev.

Data of 10% of the country’s population exposed by the largest telecommunication company in Switzerland

Swisscom mobile network acknowledged that at the end of 2017 the personal data of about 800 000 clients (or every tenth Swiss citizen) was compromised. The incident was discovered during a routine check.

Representatives of Swisscom announced that the violators used the access rights of a sales partner. The company also reported on changes to the IS policy: access control was improved, numerous customer data requests at one session were disallowed and two-factor authentication for partners to access the data was introduced.

“Insider’s actions, deliberate or accidental, result not only in reputation loss, but also in financial damage, and the business needs comprehensive protection. According to Gartner, today about half of the world’s companies protect their business using DLP-systems, and in two years their number will grow to 85%. A modern DLP-system helps to detect leaks intercepting events in real time,” said the leading analyst at SearchInform.

Personal info of 2,300 colleagues stolen by a former employee in California

On February 15, 2018, the California Department of Fish and Wildlife sent out a message to the organisation notifying the employees of an incident involving personal data theft.

The incident was discovered at the end of 2017, and it probably took the organisation two months to conduct a proper investigation. A former employee of the department uploaded the personal data of 2,300 colleagues, as well as contractors, to his personal portable device and took it outside of the corporate network.

“According to our research, 47% of information leaks occur due to the former employees’ activity, and the statistics are alarming. The dismissed employees should be included in the risk groups to prevent the company information leakage. Special software will help control the intention of the employees on the verge of quitting,” says Alexei Parfentiev.

Illegal access to state employees’ data revealed thanks to WhatsApp

The Service and Payroll Repository of Kerala (SPARK, India) database containing personal data of Kerala state officials was compromised and confidential information was exposed.

A discussion about salaries of Kerala State Civil Supplies Corporation Limited employees was conducted via a WhatsApp group. The security breach was noted after an assistant manager complained about the distribution of his salary details over the messenger.

A violation of access to the Supplyco Employee Information and Payroll System, which holds records of employee personal data, credit reports and other information, sparked the incident.

“Messengers are popular both for personal purposes and in the workplace. IS specialists think of them as another data leakage channel as well as a useful source of information. WhatsApp drew attention to the fact that the access rights were violated. Thanks to the ability to control the communication channel and employees’ activity, it’s possible to detect such incidents before the consequences get overly oppressive,” summed up the SearchInform specialist.

Download the whitepaper: https://searchinform.com/uploads/sites/1/2018/02/control-of-employees.pdf
