Cyber Security

Data analytics agency Polecat held to ransom after server exposed 30TB of records

An unsecured server belonging to a data analytics company exposed an estimated 30TB of business records online, resulting in the firm being held to ransom.

Polecat is a UK-based agency that offers “a combination of advanced data analytics and human expertise, [to help] the world’s largest organizations achieve reputation, risk, and ESG (environmental, social, and governance) management success”.

On October 29, 2020, the Wizcase CyberResearch Team, led by Ata Hakcil, discovered that an Elasticsearch server owned by Polecat was exposing roughly 30TB of data on the web without any authentication required to access records, or any form of encryption in place.

Wizcase found records dating back to 2007, including employee usernames and hashed passwords, over 6.5 billion tweets, social media records, and over one billion posts gathered from different blogs and websites.

Meow attack

The public information gathered by Polecat is harvested on a daily basis and tends to relate to subjects such as Covid-19, firearms, politicians, racism, and healthcare.

Polecat was notified of the data exposure by Wizcase on October 30 and November 1. However, it can take mere moments for an open server or bucket to be detected and abused by threat actors – and this happened a day after the researchers’ discovery.

On October 30, a Meow attack was launched against the database. Meow attacks replace database indexes with entries bearing the suffix ‘gg-meow’, leading to the destruction of swathes of data.

Wizcase says that approximately half of the firm’s records were wiped, and then in a second wave a further few terabytes of information were deleted.

At this point, roughly 4TB remained on the server. Most of these records were then destroyed, and the researchers spotted a ransom note demanding 0.04 Bitcoin (BTC) – roughly $550 at the time – in return for the files’ recovery.

“It’s important to note that these types of scams/ransoms are usually automated and sent to many open databases,” Wizcase noted.

While the information exposed was public, it could have been downloaded for sale to competitors, and could therefore directly impact Polecat’s business.

Polecat responded to Wizcase’s report on November 2, and secured the server on the same day.

The Daily Swig has reached out to Polecat and will update when we hear back.

Source: https://portswigger.net/daily-swig/data-analytics-agency-polecat-held-to-ransom-after-server-exposed-30tb-of-records
