More than 2,000 customers of the prominent cloud solution provider PCM Inc. have had their data compromised in a breach at the company that tech experts say appears to be an effort to collect gift card information from the victims.
According to Brian Krebs of KrebsOnSecurity, the hackers successfully infiltrated the email and file sharing systems for some of the company’s clients. PCM is an El Segundo, California-based tech company providing cloud solutions to businesses and to federal and state governments. The company has approximately 4,000 employees, more than 2,000 customers, and generated approximately $2.2 billion in revenue in 2018.
“Breach at 6th-largest cloud solutions provider PCM Inc. let intruders rifle through Office365 email/documents for a number of customers,” Krebs wrote in a Twitter post.
In the intrusion, discovered in mid-May, the attackers exploited the company’s systems and stole administrative credentials that PCM uses to manage client accounts within Office 365, a cloud-based file and email sharing service from Microsoft.
According to an expert at one of PCM’s customers who examined the breach and reviewed the attack, it appears that the attackers want to use the stolen data in gift card fraud schemes at financial organizations and retailers. The modus operandi is similar to that of the April attack on Italian IT-outsourcing company Wipro, where the attackers also collected gift cards from the company.
It is still unclear whether the two intrusions were related to each other or if they are totally separate attacks carried out by different hackers.
Jonathan Oliveira, Cyber Threat Intelligence Analyst at Centripetal, was hesitant to say that the two incidents are connected, nor does he think that there is an organized group behind the attacks.
“As a bystander, it does seem possible that both the Wipro and PCM compromises are connected. As for the connection to Cloud Hopper, it is not surprising that Chinese groups are attacking the ISPs and cloud providers. The growing trend of targeting employees who work at cloud providers makes plenty of sense because why would an attacking group want to waste time and resources brute forcing when employees statistically offer the best avenue of approach into a network. These employees are increasingly becoming high value targets and, in most cases, do not realize how valuable they are to an attacker,” he said.
In a statement, PCM announced that the company “recently experienced a cyber incident that impacted certain of its systems.”
“From its investigation, impact to its systems was limited and the matter has been remediated,” the statement reads. “The incident did not impact all of PCM customers; in fact, investigation has revealed minimal-to-no impact to PCM customers. To the extent any PCM customers were potentially impacted by the incident, those PCM customers have been made aware of the incident and PCM worked with them to address any concerns they had.”
But tech experts questioned why a company such as PCM, which provides cloud-based services and should be at the forefront of data security, did not have multi-factor authentication (MFA) enabled in its system to prevent such attacks.
Jonathan Bensen, CISO at Balbix, said that PCM has put its clients’ bottom lines at risk. “As a global cloud solution provider that generated about $2.2 billion in revenue in 2018, it is surprising that PCM did not at the very least have multi-factor authentication (MFA) enabled on their systems to thwart the malicious third-party that falsely obtained PCM’s administrative credentials for the company’s file sharing systems with its clients. As a result of this incident, the hackers could potentially conduct gift card fraud at various retailers and financial institutions,” he said.
“By failing to secure its Office 365 with tighter controls and therefore putting its clients’ bottom lines at risk due to gift card fraud, PCM and its customers stand to suffer significant damage. PCM could lose some customers who have lost faith in the company to its competitors such as Zones, CDW or PC Connection. Not to mention the brand reputation and potential for lawsuits.”
Furthermore, Bensen underscored the importance of MFA in securing systems and said that “enterprises must implement security solutions that scan and monitor all assets and detect vulnerabilities that could be exploited.”