PCM Inc (NASDAQ:PCMI) breach allowed hackers to steal info that could be used to conduct card fraud at various financial institutions
A digital intrusion at major U.S.-based cloud solution provider, PCM Inc., allowed hackers to access email and file sharing systems for some of the company’s 2,000 clients. The attackers stole administrative credentials that PCM uses to manage client accounts, in order to steal information that could be used to conduct gift card fraud at various retailers and financial institutions.
More on the story here: https://krebsonsecurity.com/2019/06/breach-at-cloud-solution-provider-pcm-inc/
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, has commented:
“Modern attackers are risk-averse and profit-oriented. They won’t waste scarce resources and take the risks in frontal attacks on your castle, but will rather silently get in with one of your external suppliers or services providers. Nowadays, trusted third-parties often have virtually unlimited and uncontrolled access to crown jewels of many large companies and organizations. Without sufficient capacities to invest in their own cybersecurity, they are a low-hanging fruit for cybercriminals. Growing competition forces many cloud providers to cut their internal costs in order to stay competitive thereby inevitably exacerbating the situation. Worse, many cloud providers don’t have sufficient capacities to detect sophisticated, long-lasting breaches and APTs, most of which eventually remain undetected and uninvestigated. What we see in the media is just the tip of the iceberg.”
The PCM Inc is just the latest in a long list of hacks hitting entities including small companies, big companies and even the Federal Government. What do you think about these incidents? Let us know in the comments section.