Security: Email List Compromise
- Category: Firma
- Author: Admin
- Publisher:
Psychz Networks
- May 31,2021
Today, May 31, 2021 one of our remote employees home workstation was discovered to be compromised leading to a breach that ultimately led to access to a list of email addresses in our system. The list of email addresses were subsequently emailed an attachment virus in an email that the bad actor titled in the subject "SERVER TERMINATION". We do not believe any other information other than a list of email addresses that amount to approximately 5% of our clients was accessed.
Though this particular employee's system and internal resource access was already limited due to the employee's position of an entry-level Support Technician, we continue the thorough process of reviewing logs in our system's security to ensure no other data was accessed.
Resources the employee did NOT have access to are:
1. Full database of client details that include name, address, billing details or even type of services
2. Router/Switch, IPMIs and other networking infrastructure
At the time of this writing, we continue to search for other breach access points to find the full extent of the compromise, but we remain confident that due to the limited access the employee had, no other data was accessed, more especially because the employee's access to all company resources was quickly disabled to avoid further access.
Though most recipients of the bad actor's emailed attachment would have already patched to protect their locals systems, it is an important reminder to never open attachments from unknown email senders. For more information on the patch that protects against this vulnerability see: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11882
As we continue our investigation, if there are any further developments, we will continue to be very communicative to ensure this matter is handled professionally and more importantly in a secure manner to protect our client's privacy.
George Becerra
Psychz Networks