Critical Information Security Takeaways from “PANAMA PAPERS” Data Leak Incident.

I am sure all of you have heard about the biggest data leak in the industry ( 11.5 Million documents , a size of 2.6 TB) happened from a leading legal consulting firm in PANAMA called MOSSACK FONSECA which has forced the Prime Minister of Iceland to resign from his position. The Information Security Gaps that caused this major data leak are listed below:

1) At this initial stage of investigation, it looks like it was not an insider attack as the company was hacked from servers based in abroad. So experts are of the opinion that external scanning and exploitation has resulted in this massive data leak.

2) The firm didn’t update its outlook web access login since 2009. The main site was running a version of WORDPRESS platform which was being one of most vulnerable platform for variety of Malwares. This WORDPRESS platform was outdated and not being updated during the incident.

3) E Mails were not encrypted. It was surprising to see this while considering the sensitivity of data client data handled by them.

4) The firm didn’t update its client login portal runs in DRUPAL (An open source content management system) since 2013. The DRUPAL version used by the portal was having minimum 25 vulnerabilities including high risk SQL Injection vulnerability during the hack attempt. This portal was also being vulnerable for the famous DROWN attack (A security exploit that targets email servers supporting the obsolete, insecure SSL v2 protocol). The back end of the portal was also being vulnerable as per security researchers.

Critical Information Security Takeaways for all of us:

1) We should review our critical data in periodic intervals be that on servers, laptops, phones, portable devices and even paper, to ensure that it is being secured.

2) Beware of insider threats and frauds. Need to ensure that all new staffs hired are scrutinized for criminal background from their previous employment.

3) User access privileges provided to staff need to be reviewed in periodic intervals without any compromise. We should regularly review access controls privileges to see who has access to what information and whether or not that access is still relevant to peoples’ roles.

4) A very vigilant patch management practice is required in place . All the latest patches announced by the vendors need to be monitored in daily basis and applied with immediate effect

5) Security monitoring mechanisms focused on data flow in and outside of the organization to be improved. (Through DLP Mechanism)

6) Implement a policy on data retention and disposal based on which we can reduce the overhead we have in retaining and securing mass volume of data which may not add business value.

7) Improve general information security awareness among staff.

8) Last but not least, always be prepared to get attacked as hackers are becoming more and more smarter every day. They can make huge damages through simple SOCIAL ENGINEERING attacks focused on human elements.

 

Arrange a Conversation 

Browse

Article by channel:

Read more articles tagged: Featured, Hacking