Cybersecurity outfit turns victim after exposing dark web hack

12/11/2022 | Asia, Cybercrime, Darknet News

The Indian cybersecurity company CloudSEK claimed last week that patient data from Sree Saran Medical Center was sold on the dark web. Now, CloudSEK’s own customer list and purchase orders were exposed this week.

The cybersecurity company CloudSEK, located in Bengaluru, said last week that it had discovered patient information from the Sree Saran Medical Centre (SSMC) in Tirupati being sold on the dark web. This past week, the business suffered a cyberattack of its own.

This occurs as AIIMS Delhi is still recovering from a significant cyberattack that rendered the hospital inaccessible for more than a week.

In blog posts published on December 6 and 7, CloudSEK described the incident the company had encountered. On December 6 the organization stated that it was looking into a targeted cyberattack against CloudSEK.

The following day, it was revealed that the problem had its origins in November, when a vendor dubbed “Axiom” was tasked with repairing an employee’s faulty laptop.

“The vendor removed the laptop from CloudSEK’s facilities for maintenance. The laptop was given back with a fresh copy of Windows installed along with the stealer log malware (Vidar Stealer),” according to CloudSEK.

Stealer malware collects passwords and other data from an infected computer and typically forwards them to a machine under the attacker’s control.

The company disclosed that the hack resulted in the exposure of client names, purchase orders for three businesses, and “several” screenshots of CloudSEK software dashboards.

It further stated that the attacker did not gain any additional “access to consumer data” or “access to customer login credentials.”

Although the company is unaware of the attacker’s identity, it “suspects a renowned cyber security outfit that is involved in dark web monitoring.”

Cyberattacks are becoming more prevalent in all countries and industries. Asia had the most cyberattacks in the third quarter of 2022, with an average of 1,778 attacks per organization per week, according to the website of cybersecurity company Check Point.

The Chain Of Events

On Wednesday, CloudSEK updated its blog to describe how the attack had followed from the laptop servicing. The organization’s administrative staff returned the now-serviced laptop to the employee without realizing it carried malware.

The stealer malware uploaded the passwords and cookies from the employee’s computer to a dark web marketplace, according to CloudSEK. The attacker bought the logs the same day.

Cookies are small packets of data that can carry information such as usernames and passwords. A website sends the cookie to the user’s device when the user visits it. A website or online service uses a cookie to keep track of each “user session” the user starts with the service. The data in the cookie is marked with a special ID unique to the user’s device so that the website can recognize the user.

Because a website or online service assumes that a request carrying the cookie comes from the same user on the same device, an attacker who obtains the cookies can log into and use a victim’s accounts without knowing the victim’s passwords.
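To make that mechanism concrete, here is an added example (not CloudSEK’s code and not taken from the article) of a toy server-side session store: `resolve_naive` accepts any presented cookie, as described above, while `resolve_bound` ties the cookie to a client fingerprint recorded at login, enforces a lifetime, and revokes the session on a mismatch. The fingerprint strings, user name and lifetime values are constructed for the example.

```python
import hashlib, hmac, secrets, time
from dataclasses import dataclass

@dataclass
class Session:
    user: str
    created: float
    fp_tag: str          # keyed hash of the client attributes seen at login
    revoked: bool = False

class SessionStore:
    """Toy server-side session store (constructed for this example)."""
    def __init__(self, ttl_seconds=8 * 3600, key=None):
        self.ttl = ttl_seconds
        self.key = key or secrets.token_bytes(32)   # per-deployment secret
        self.sessions = {}

    def _tag(self, fingerprint):
        # Keyed hash so the stored tag does not reveal the raw attributes.
        return hmac.new(self.key, fingerprint.encode(), hashlib.sha256).hexdigest()

    def login(self, user, fingerprint, now=None):
        sid = secrets.token_urlsafe(32)            # the value placed in the cookie
        self.sessions[sid] = Session(user, time.time() if now is None else now, self._tag(fingerprint))
        return sid

    def resolve_naive(self, sid):
        """Cookie alone proves identity: a copied cookie works from any machine."""
        s = self.sessions.get(sid)
        return None if s is None or s.revoked else s.user

    def resolve_bound(self, sid, fingerprint, now=None):
        """Cookie must also match the login-time fingerprint and be within its TTL."""
        s = self.sessions.get(sid)
        if s is None or s.revoked:
            return None
        if (time.time() if now is None else now) - s.created > self.ttl:
            return None                            # stale cookie, even if genuine
        if not hmac.compare_digest(s.fp_tag, self._tag(fingerprint)):
            s.revoked = True                       # mismatch: treat as possible theft
            return None
        return s.user

    def revoke_user(self, user):
        """Log a user out everywhere, e.g. once a stealer infection is found."""
        live = [s for s in self.sessions.values() if s.user == user and not s.revoked]
        for s in live:
            s.revoked = True
        return len(live)
```

Fingerprints built from user-agent or network attributes are coarse and can be copied along with the cookie, so the binding is a detection and containment aid rather than a complete defence; short lifetimes, re-authentication for sensitive actions and bulk revocation after an infection is discovered matter at least as much.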

According to CloudSEK, such session cookies obtained through the virus were “compromised,” enabling the attacker to seize control of an account used by CloudSEK to monitor software development.