The Deloitte breach that was revealed by the Guardian last week was incredibly embarrassing for the firm. They have been named Gartner’s No. 1 Security Consultancy for 5 years in a row. They quickly attempted to hush things up and the only people that seem to be talking openly about it are Cyber Security types, such as me. I’m not going to go knocking Deloitte for the breach. All I will say is that they make enough money out of their clients, so they should practice what they preach. If little old me can implement two-factor authentication on ALL my accounts, big old Deloitte can do it too. That’s only one step. There has been so much revealed since that they have a number of steps to take.
So what happened with the Deloitte breach?
It seems a hacker gained access to the Deloitte global e-mail server by signing in as an administrator. This type of account has the highest access level on a mail server. It was simply secured by a password. As a minimum, this type of account should be secured by two-factor authentication. So the evil doer could literally read every mail and open every attachment. Unless an e-mail or attachment was separately encrypted, they could see everything.
Where was this e-mail server?
In the cloud. Microsoft’s Azure Cloud Service to be precise. The e-mails for all 244,000 Deloitte staff are on this service. You may remember I recently wrote about the presumption that the cloud is secure.
But only “very few” clients were impacted.
We don’t know who those “very few” customers were. Don’t forget Deloitte provide services to huge corporations, as well as government agencies, on a global basis. There could be a huge impact as a result of this.
Also, by Tuesday last, security researchers had turned their attention to Deloitte. It was reported that the server address and login details that staff use to remotely access the Deloitte network were stored in a publicly accessible forum. Separately, an employee had his proxy login details stored on his public page on Google+ (that’s the poor attempt from Google to take on Facebook) for over 6 months.
Finally, they found many servers that were easily reachable from the internet. Many were running services that could be easily exploited; others showed that they had patches that needed applying. You know how I feel about patches.
The situation is a very poor showing from Deloitte. They need to step up their game and practice what they preach. I know a good cyber security evangelist if they need one.