Zen Managed ServicesZen Managed ServicesZen Managed ServicesZen Managed Services
  • Services
    • Managed Cyber Security
    • Hosting
      • ColdFusion Hosting
      • Lucee Hosting
      • SmarterMail Hosting
    • Migration Services
    • Managed WordPress
    • Email Filtering & Archiving
    • Unified Threat Management
    • Acronis Cloud Backup
    • Secure VPN
    • Business Broadband
  • Support
    • Open Ticket
    • Knowledgebase
    • News/Announcements
  • BLOG
  • Contact
  • Clients
    • Client Area
    • Hosting Control Panel
    • RMM Dashboard
NextPrevious

Deloitte hit by major client email hack

By russmichaels | News | 0 comment | 27 September, 2017 | 0

Don’t become a victim of cyber-crime 

Protect your business today

Contact us for a full cyber-security solution

managed cyber security

B

ig Four firm Deloitte had blue-chip clients’ usernames, passwords and personal details stolen in a cyberattack that apparently went unnoticed for months.

A Guardian investigation found that hackers were able to access the firm’s global email system and steal information belonging to the world’s biggest banks, multinational companies and government agencies.

The report stated that Deloitte discovered the security breach in March 2017, but attackers may have had access to the firm’s systems as far back as October 2016.

Details of the breach are minimal, but it does appear that the attackers were able to access the system because the firm did not employ two-factor authentication, meaning that the hackers were able to access the global email system by acquiring a single username and password.

The criminals accessed Deloitte’s global email server through an administrator’s account that, according to sources, gave them unrestricted “access all areas”.

The focus of the attack seems to have been on Deloitte’s American operations. So far six of the firm’s clients have been informed that their information was “impacted” by the hack.

An estimated five million emails from the firm’s 250,000 workforce are stored in Deloitte’s Azure cloud service, which is provided by Microsoft, although the firm claims that a fraction of that number was at risk.

The hackers’ identity is yet unknown, and Deloitte’s New York office is currently undertaking an internal review into the incident codenamed “Windham”.

‘Cyber incident’

Responding to the claims, a Deloitte spokesperson told the Guardian: “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte”.

While it is too early to tell the full extent of the attack, it is particularly embarrassing as Deloitte provides consultancy services on how to manage the risks posed by cyber-attacks.

The setback is the latest in a series to befall Big Four firms in recent weeks. Last week KPMG found themselves embroiled in political scandal after details emerged about its audits of Gupta-owned firms in South Africa.

Deloitte clients should ‘be on guard’

Oz Alashe, CEO of cyber awareness platform CybSafe, told AccountingWEB that the fact hackers now have details of Deloitte clients’ private emails is certainly cause for concern.

“The loss of these email address details could make it easier for fraudsters to commit ‘spear phishing’ attacks, not just on the Deloitte employees, but also on close family and friends,” said Alashe.

“Spear phishing emails are highly personalised versions of the more common phishing scam. Rather than regular phishing emails – generic emails which are usually sent to masses of people at the same time – spear phishing emails appear much more credible to the intended target by using details from an individual’s personal life.

“Deloitte clients need to be on guard for any suspicious emails and links that are sent to their compromised addresses, and they should extend this warning to other colleagues, family, friends and clients. Spear phishing emails can be exceptionally convincing and even the most tech-savvy need to be cautious.”

“Usernames and passwords have also reportedly been stolen. Needless to say, clients who have been affected need to promptly change their Deloitte passwords. If clients have reused their Deloitte password on other accounts, they should immediately look to change these too.”

No tags.

Related Post

  • 54% of UK companies hit by ransomware attacks

    By russmichaels | 0 comment

    All experts agree that ransomware is unpredictable, hard if not impossible to prevent, and is currently showing no signs of slowing. Businesses are facing numerous challenges from this evolving, dangerous threat, with Andy Buchanan fromRead more

  • The business of cybercrime

    By russmichaels | 0 comment

    Think of a cyber criminal and what do you see? For many of us the answer is an obsessive loner, working from ‘criminal headquarters’ that are nothing more than a cramped bedsit. While that imageRead more

  • Cybercriminals are now stealing off each other

    By russmichaels | 0 comment

    The cost of ransomware attacks: $1 billion this year And it’s only the beginning, with file locking malware only set to grow and take larger role in cybercrime, warn researchers. Read More Contact ZenMSP todayRead more

  • Is your hosting provider secure?

    By russmichaels | 0 comment

    In the past month, WordFence forensic analysts ran into two situations where they saw a significant number of site cleaning customers, all from the same hosting companies, all with the same malware. In both cases theRead more

  • Microsoft announces end of life (EOL) on Windows Vista

    By russmichaels | 0 comment

    What Does This Mean? As of today Windows Vista has now reached the end of its product support lifecycle after completing five successful years. In other words, Microsoft will no longer be supporting Windows Vista, andRead more

  • New malware targets governments

    By russmichaels | 0 comment

    New malware uses password recovery and backup tools to steal data A new type of attacks targeting government agencies uses readily available software such as password recovery and backup tools to infect victim organizations andRead more

  • Microsoft Master File Table bug exploited to BSOD Windows 7, 8.1

    By russmichaels | 0 comment

    Until Microsoft patches this problem, use Chrome: a slip in file path handling allows an attacker to crash Windows 7 and Windows 8.1 with a simple file call. The bug is triggered if Windows’ MasterRead more

  • Massive GoldenEye / Petya ransomware attack is currently unfolding worldwide.

    By russmichaels | 0 comment

      Another month, another global ransomware attack. Just as it seemed that the threat of WannaCry has dissipated, organisations around the world are finding themselves under siege from a new threat. Bitdefender has identified aRead more

NextPrevious

Categories

  • News
  • Products & Services
  • Security
  • Tutorials
  • Uncategorized

Recent Posts

  • How to make your Website GDPR compliant
  • How to Create a Privacy Policy for Your Website
  • 10 Important Cybersecurity Statistics for 2018
  • Severe Drupal core remote code execution vulnerability
  • (no title)

Recent Comments

    Archives

    • April 2018
    • March 2018
    • November 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
      Legal Documents
    • Hosting Master Service Agreement
    • Terms & Conditions
    • Privacy Policy
    • Services
      • Managed Cyber Security
      • Hosting
        • ColdFusion Hosting
        • Lucee Hosting
        • SmarterMail Hosting
      • Migration Services
      • Managed WordPress
      • Email Filtering & Archiving
      • Unified Threat Management
      • Acronis Cloud Backup
      • Secure VPN
      • Business Broadband
    • Support
      • Open Ticket
      • Knowledgebase
      • News/Announcements
    • BLOG
    • Contact
    • Clients
      • Client Area
      • Hosting Control Panel
      • RMM Dashboard
    Zen Managed Services