According to ZDNet, a hacker has produced information that he has undertaken an alleged ‘revenge attack’ and has breached the backend servers belonging to a major U.S. cyber-security firm and stolen information from the company’s “data leak detection” service.
The firm in question is DataViper and the hacker claiming responsibility goes under the moniker of NightLion. The hacker says he has stolen 8,225 databases. DataViper is a data leak monitoring service. Apparently the dark web site contains evidence of the hacker’s access to the cybersecurity firm’s servers.
Perhaps the reason for targeting DataViper is due to the company’s success in addressing cybersecurity threats. Data Viper, a security startup providing access to 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches.
Commenting for Digital Journal is Anurag Kahol, CTO, Bitglass. The security expert begins by looking at why many enterprises turn to providers of data protection services like DataViper: “Outsourcing services provides significant advantages for growing businesses, but relying upon third-party partnerships can expand the attack surface for bad actors looking to gain access to company and customer data.”
However, these types of providers are themselves an attractive target for malicious actors, as Kahol expalins: “While the incident involving DataViper was clearly motivated by revenge, bad actors frequently target third-party vendors in order to gain access to enterprise data that may otherwise be well protected. The reputational and financial repercussions of breaches can impact a company for years.”
According to IBM, the average total cost of a breach is roughly $3.92 million and, if a third party is involved, cost per breach rises by an average of more than $370,000.
There are measures that can be taken to help stem off this type of cyber-assault, says Kahol: “To safeguard data and maintain customer trust, companies must secure access to their resources, block threats like malware, prevent data leakage, enable secure remote work, and comply with regulatory frameworks. This can be accomplished by employing advanced security platforms that provide consistent security for all interactions between devices, apps, the web, and more, from a single control point. Additionally, any organization that outsources services must prioritize managing and assessing third-party risk.”
