Cybersecurity firm 'sniffed out' hacked Tiruppur hospital data on dark web. Now, it's a 'victim' too
Cybersecurity firm ‘sniffed out’ hacked Tiruppur hospital data on dark web. Now, it’s a ‘victim’ too
Bengaluru-based CloudSEK claimed last week that patient data from Sree Saran Medical Centre was being sold online. This week, the firm’s customer names & purchase orders got leaked.
REGINA MIHINDUKULASURIYA
9 December, 2022 04:43 pm IST
Representational image | Commons
Representational image | Commons
Text Size: A- A+
New Delhi: Last week, Bengaluru-based cybersecurity firm CloudSEK claimed it had found patient data from Sree Saran Medical Centre (SSMC) in Tiruppur being sold on the dark web. This week, the company has itself become the victim of a cyber attack.
This comes at a time when AIIMS Delhi is reeling from a massive cyber attack that forced the hospital to function offline for more than a week.
Over 6-7 December, CloudSEK updated its blog about the cyber incident it had experienced. “We are investigating a targeted cyber attack on CloudSEK,” the company said on 6 December.
Next day, it explained that the issue dates back to November when an employee’s laptop that had been facing issues was given to a vendor named ‘Axiom’, to fix.
“The vendor took the laptop out of CloudSEK premises for servicing. The laptop was returned with a new copy of Windows and a stealer log malware (Vidar Stealer) installed,” CloudSEK said.
A stealer malware can collect information from an infected computer such as passwords that are then typically sent to a hacker’s computer.
The firm disclosed that because of the attack, customer names, purchase orders for three companies, and “multiple” screenshots of dashboards for CloudSEK software were leaked.
It added that no other ”access to customer data” or “access to customer login information” was compromised because of the attack.
The firm is unsure who is behind the attack, but it “suspects a notorious cyber security company that is into dark web monitoring”.
Cyberattacks are increasing across the world and industries. Cybersecurity firm Check Point says on its website, “Asia experienced the most cyberattacks in the third quarter of 2022, with an average of 1,778 weekly attacks per organisation”.
Also Read: India is dangerously unprepared for Chinese cyber-war. AIIMS ransomware attack shows why
The series of events
CloudSEK updated its blog Wednesday to explain how the attack had taken place due to the servicing. The company’s administrative team, unaware of the malware installed on the now-serviced laptop, handed it back to the employee.
“The stealer log malware uploaded the passwords/cookies on the employee’s machine to a dark web marketplace,” CloudSEK said. “The attacker purchased the logs the same day.”
‘Cookies’ refer to data packets containing information like usernames and passwords. The cookie is sent to a user’s device from a website the user visits. Each time a user starts using a website or online service, that particular ‘user session’ is logged by the website or online service, by way of a cookie. The data available in a cookie is labelled with a unique ID specific to the user’s device so the website is able to identify the user.
An attacker with access to cookies can log into and use a victim’s accounts without having access to passwords because the website or online service will think it’s the same user accessing its service from the same device.
CloudSEK says such session cookies collected via the malware were “compromised” and had allowed the attacker to take over an account CloudSEK used to track software development.
(Edited by Theres Sudeep)
Bengaluru-based CloudSEK claimed last week that patient data from Sree Saran Medical Centre was being sold online. This week, the firm’s customer names & purchase orders got leaked.
REGINA MIHINDUKULASURIYA
9 December, 2022 04:43 pm IST
Representational image | Commons
Representational image | Commons
Text Size: A- A+
New Delhi: Last week, Bengaluru-based cybersecurity firm CloudSEK claimed it had found patient data from Sree Saran Medical Centre (SSMC) in Tiruppur being sold on the dark web. This week, the company has itself become the victim of a cyber attack.
This comes at a time when AIIMS Delhi is reeling from a massive cyber attack that forced the hospital to function offline for more than a week.
Over 6-7 December, CloudSEK updated its blog about the cyber incident it had experienced. “We are investigating a targeted cyber attack on CloudSEK,” the company said on 6 December.
Next day, it explained that the issue dates back to November when an employee’s laptop that had been facing issues was given to a vendor named ‘Axiom’, to fix.
“The vendor took the laptop out of CloudSEK premises for servicing. The laptop was returned with a new copy of Windows and a stealer log malware (Vidar Stealer) installed,” CloudSEK said.
A stealer malware can collect information from an infected computer such as passwords that are then typically sent to a hacker’s computer.
The firm disclosed that because of the attack, customer names, purchase orders for three companies, and “multiple” screenshots of dashboards for CloudSEK software were leaked.
It added that no other ”access to customer data” or “access to customer login information” was compromised because of the attack.
The firm is unsure who is behind the attack, but it “suspects a notorious cyber security company that is into dark web monitoring”.
Cyberattacks are increasing across the world and industries. Cybersecurity firm Check Point says on its website, “Asia experienced the most cyberattacks in the third quarter of 2022, with an average of 1,778 weekly attacks per organisation”.
Also Read: India is dangerously unprepared for Chinese cyber-war. AIIMS ransomware attack shows why
The series of events
CloudSEK updated its blog Wednesday to explain how the attack had taken place due to the servicing. The company’s administrative team, unaware of the malware installed on the now-serviced laptop, handed it back to the employee.
“The stealer log malware uploaded the passwords/cookies on the employee’s machine to a dark web marketplace,” CloudSEK said. “The attacker purchased the logs the same day.”
‘Cookies’ refer to data packets containing information like usernames and passwords. The cookie is sent to a user’s device from a website the user visits. Each time a user starts using a website or online service, that particular ‘user session’ is logged by the website or online service, by way of a cookie. The data available in a cookie is labelled with a unique ID specific to the user’s device so the website is able to identify the user.
An attacker with access to cookies can log into and use a victim’s accounts without having access to passwords because the website or online service will think it’s the same user accessing its service from the same device.
CloudSEK says such session cookies collected via the malware were “compromised” and had allowed the attacker to take over an account CloudSEK used to track software development.
(Edited by Theres Sudeep)