Citycomp, a German company that offers multi-vendor maintenance and infrastructure services was hacked and cybercriminals got away with sensitive financial information of some of the company’s largest customers. After the company refused a cyber extortion attempt, cybercriminals dumped the information online.
Spoke to the hacker(s) behind this breach. Said they demanded $5,000 from Citycomp; that they were in the systems for just over a month, and targeted Citycomp because “they have an [sic] totally awful security system.” Also added Volkswagen commenthttps://t.co/p48fsAW7to pic.twitter.com/jmcCUcqSub
— Joseph Cox (@josephfcox) May 1, 2019
Ryan Wilk, VP of Customer Success at NuData Security:
“Although there is no information about how this attack occurred on Citycomp, many of these breaches happen due to apt hackers that are able to find system vulnerabilities or to phish those who own admin accounts. Unfortunately, with phishing, bad actors don’t need to “hack” a site, instead they can get in through the front door. Now that the information has been exposed, bad actors will use it to take over the victim’s accounts or steal their identity. Companies offering services online can still mitigate this potential damage by leveraging a security framework that uses passive biometrics and behavioral analytics that identifies customers by their online behavior. This approach cannot be mimicked by cybercriminals and renders stolen credentials and personal information valueless. Once this is done, companies will see fewer instances of blackmail as the personal information at stake won’t be as valuable.”