Koozali.org: home of the SME Server

Deloitte email hack

Charles2008
« on: September 27, 2017, 11:02:40 PM »
When I read about this, I came straight to Contribs.org expecting some wise post or other.

This strikes me as a HUGE news story that has been played right down (this isn't store card level data). Potentially $billions of hugely sensitive corporate data could have been downloaded - consider that about 50% of Deloitte revenues come from Management Consultancy (no.5 in the World). Some of this MC would be future 'strategy' for some of the top companies worldwide.

enterprisetimes.co.uk: "the only reason for the public acknowledgement [by Deloitte] now is that the breach was reported by the Guardian."

Guardian: "The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016."

Guardian: "In 2012, Deloitte, which has offices all over the world, was ranked the best cybersecurity consultant in the world."   ...   oh the irony.

money.cnn.com: "the breach went unnoticed for months"

fortune.com: "Deloitte knew something was amiss as long ago as last October"


https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails
https://www.theregister.co.uk/2017/09/25/deloitte_email_breach/

We haven't even heard the end of the beginning of this IMO.
« Last Edit: September 27, 2017, 11:52:34 PM by Charles2008 »

guest22

Re: Deloitte email hack
« Reply #1 on: September 29, 2017, 06:12:06 AM »
When I read:

"The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”. The account required only a single password and did not have “two-step” verification, sources said."

Then it is nothing technical, but a security policy issue. A typical case of "the chain is as strong as the weakest link"....

That an email administrator account can have access to the whole network and servers is also a security policy flaw. Bad design and bad practice IMHO.

Hence SME Server has a separate admin account next to the root account and the user panel contrib...