Comment by anticristi
5 years ago
Call me naïve, but who is such a hot target to warrant so much effort to exfiltrate PII? Defense? FinTech? Government?
Who is such a hot target and can take such an independent attitude, even to allowing this to be published? If this had been a bank, they'd have had to report to regulators and likely we'd have heard none of these details for years if ever. Same for most anything else big enough to be a target I can think of offhand.
Idk. While banks have to report on this they are (as far as I know) still free to publicize details.
We normally don't hear about these things not because they can't speak about it but because they don't want to speak about it (bad press).
My guess is that it's a company which takes security relatively seriously, but isn't necessarily very big.
> hot target [..] else big enough to be a target
I don't think you need to be that big to be a valid target for an attack of this kind, neither do I think this attack is on a level where "only the most experienced/best hackers" could have pulled it off.
I mean we don't know how the dev laptop was infected but given that it took them 3 months to reinfect it I would say it most likely wasn't a state actor or similar.
Doesn’t the GDPR force them to talk about it? I mean all potentially affected people must be informed.
Hotel or b2b travel agencies also have PII that can be very useful to intelligence agencies.
Based on how outlandish the GW setup is, this is definitely a bank.
It could conceivably belong to a defense organization, but if it did, they wouldn't be able to write up a blog about their findings.
Sounds like a non-conventional bank with many details allowed to be posted, perhaps something crypto?
I'd add medical to that list. Vaccine test results are hot stuff.
I think you're right that it's medical. The author calls out PII was the target. Sure, there's PII in Defense/Fintech/Government, but it's probably not the target in those sectors and PII doesn't have the same spotlight on it as in the Medical world (e.g. HIPAA & GDPR).
Are you saying that, for example, the addresses of military generals and spies are less of a target for hackers than the addresses of medical patients? While there are laws to protect medical information, I think all governments care more about protecting national security information.
Not just vaccines, but basically all your data, including billing and disease history. Perfect for both scamming and extortion.
Keep in mind that you actually want your medical provider to have that data, so they can treat you with respect to your medical history, without killing you in the process.
True. However, reading between the lines, the exfiltration "project" was targeted (i.e. one-off), skilled and long. I would put the cost anywhere between 1 megabuck and 10 megabucks. Given risks and dubious monetization, I would assume the "sponsor" demands at least a 10x ROI.
Is medical data really that valuable?
If they can get to you, they can get to your clients, who have clients they're now better able to get to, etc...
HVAC company working in a building where a subcontractor of a major financial firm has an office, for a random example...