Zen Managed ServicesZen Managed ServicesZen Managed ServicesZen Managed Services
  • Services
    • Domain Names
    • Managed Cyber Security
    • Secure VPN
    • Hosting
      • Managed WordPress Hosting
      • ColdFusion Hosting
      • Lucee Hosting
      • SmarterMail Hosting
    • Migration Services
    • Managed WordPress
    • Email Filtering & Archiving
    • Acronis Cloud Backup
  • Support
    • Open Ticket
    • Knowledgebase
    • News/Announcements
  • BLOG
  • Contact
  • Clients
    • Client Area
    • Hosting Control Panel
    • RMM Dashboard
NextPrevious

Deloitte hit by major client email hack

By russmichaels | News | 0 comment | 27 September, 2017 | 0

Don’t become a victim of cyber-crime 

Protect your business today

Contact us for a full cyber-security solution

managed cyber security

B

ig Four firm Deloitte had blue-chip clients’ usernames, passwords and personal details stolen in a cyberattack that apparently went unnoticed for months.

A Guardian investigation found that hackers were able to access the firm’s global email system and steal information belonging to the world’s biggest banks, multinational companies and government agencies.

The report stated that Deloitte discovered the security breach in March 2017, but attackers may have had access to the firm’s systems as far back as October 2016.

Details of the breach are minimal, but it does appear that the attackers were able to access the system because the firm did not employ two-factor authentication, meaning that the hackers were able to access the global email system by acquiring a single username and password.

The criminals accessed Deloitte’s global email server through an administrator’s account that, according to sources, gave them unrestricted “access all areas”.

The focus of the attack seems to have been on Deloitte’s American operations. So far six of the firm’s clients have been informed that their information was “impacted” by the hack.

An estimated five million emails from the firm’s 250,000 workforce are stored in Deloitte’s Azure cloud service, which is provided by Microsoft, although the firm claims that a fraction of that number was at risk.

The hackers’ identity is yet unknown, and Deloitte’s New York office is currently undertaking an internal review into the incident codenamed “Windham”.

‘Cyber incident’

Responding to the claims, a Deloitte spokesperson told the Guardian: “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte”.

While it is too early to tell the full extent of the attack, it is particularly embarrassing as Deloitte provides consultancy services on how to manage the risks posed by cyber-attacks.

The setback is the latest in a series to befall Big Four firms in recent weeks. Last week KPMG found themselves embroiled in political scandal after details emerged about its audits of Gupta-owned firms in South Africa.

Deloitte clients should ‘be on guard’

Oz Alashe, CEO of cyber awareness platform CybSafe, told AccountingWEB that the fact hackers now have details of Deloitte clients’ private emails is certainly cause for concern.

“The loss of these email address details could make it easier for fraudsters to commit ‘spear phishing’ attacks, not just on the Deloitte employees, but also on close family and friends,” said Alashe.

“Spear phishing emails are highly personalised versions of the more common phishing scam. Rather than regular phishing emails – generic emails which are usually sent to masses of people at the same time – spear phishing emails appear much more credible to the intended target by using details from an individual’s personal life.

“Deloitte clients need to be on guard for any suspicious emails and links that are sent to their compromised addresses, and they should extend this warning to other colleagues, family, friends and clients. Spear phishing emails can be exceptionally convincing and even the most tech-savvy need to be cautious.”

“Usernames and passwords have also reportedly been stolen. Needless to say, clients who have been affected need to promptly change their Deloitte passwords. If clients have reused their Deloitte password on other accounts, they should immediately look to change these too.”

No tags.

Related Posts

  • New Gmail security features to protect you from phishing and ransomware

    By russmichaels | 0 comment

    Google is rolling out new security features to help organizations halt email as the attack vector for ransomware. While mass ransomware attacks have become less frequent, targeted attacks are on the rise and causing majorRead more

  • cybersecurity

    Updates to our Cybersecurity solution

    By russmichaels | 0 comment

    Bitdefender has recently released Anti-Exploit, Ransomware Vaccine and Zero Day protection to their Gravity zone product. Anti-Exploit provides on-execution protection against exploit attempts targeting known and unknown vulnerabilities in commonly used applications, such as browser,Read more

  • DON’T MISS OUT! – Last chance to claim your .uk domain name

    By russmichaels | 0 comment

    Are you one of the 3.2 million website owners who haven’t registered for the shorter .uk version of your domain name?  Beware. There’s only a few days left to claim the .uk extension … theRead more

  • How to make your Website GDPR compliant

    By russmichaels | 0 comment

    Beginning May 25, 2018, The  GDPR says that users have complete control over their data, and you have to tell them why you need it. At which point, they can give the go-ahead or not.Read more

  • Uniregistry domain name price increases

    By russmichaels | 0 comment

    The registry operator, Uniregistry, has announced a number of significant price increases, taking place on September 8th, 2017 (00:00 UTC). Certain TLDs will have moderate price increases starting at $4, while others will have significant hikesRead more

NextPrevious

Categories

  • News
  • Products & Services
  • Security
  • Tutorials
  • Uncategorized

Recent Posts

  • 7 ways to defend your network from fatal DDoS attacks
  • New Gmail security features to protect you from phishing and ransomware
  • Updates to our Cybersecurity solution
  • DON’T MISS OUT! – Last chance to claim your .uk domain name
  • How to make your Website GDPR compliant

Recent Comments

    Archives

    • November 2020
    • June 2019
    • April 2018
    • March 2018
    • November 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
      Legal Documents
    • Hosting Master Service Agreement
    • Terms & Conditions
    • Privacy Policy
    • Services
      • Domain Names
      • Managed Cyber Security
      • Secure VPN
      • Hosting
        • Managed WordPress Hosting
        • ColdFusion Hosting
        • Lucee Hosting
        • SmarterMail Hosting
      • Migration Services
      • Managed WordPress
      • Email Filtering & Archiving
      • Acronis Cloud Backup
    • Support
      • Open Ticket
      • Knowledgebase
      • News/Announcements
    • BLOG
    • Contact
    • Clients
      • Client Area
      • Hosting Control Panel
      • RMM Dashboard
    Zen Managed Services