Ukrainian hacker admits stealing business press releases for $30M, What they’re NOT telling you -Netragard
The sensationalized stories about the hacking of PR Newswire Association, LLC., Business Wire, and Marketwired, L.P. (the Newswires) are interesting but not entirely complete. The articles that we’ve read so far paint the Newswires as victims of some high-talent criminal hacking group. This might be true if the Newswires actually maintained a strong security posture, but they didn’t. Instead their security posture was insufficiently robust to protect the confidentiality, integrity or availability of the data contained within their networks. We know this because enough telling details about the breach were made public (see the referenced document at the end of this article).
In this article we first provide a critical analysis of the breaches based on public information primarily from the published record. We do make assumptions based on the information provide and our own experience with network penetration to fill in some of the gaps. We call out the issues that we believe allowed the hackers to achieve compromise and cause damage to the Newswires. Later we provide solutions that could have been used (and can be used by others) to prevent this type of breach from happening again. If […]