CyberSecurity SEE

Accenture Leak May Facilitate Follow-On Attacks, Researchers Caution

Accenture Leak May Facilitate Follow-On Attacks, Researchers Caution

3rd Party Risk Management,
Cybercrime,
Fraud Management & Cybercrime

Researchers Urge Organizations to Rotate Credentials and Review Audit Logs

Accenture Leak May Facilitate Follow-On Attacks, Researchers Caution
Image: Konektus Photo/Shutterstock

A hacker, identified by the moniker 888, recently claimed to have stolen a substantial 35 gigabytes of sensitive data from the consulting powerhouse Accenture. In response to this alarming breach, Accenture confirmed the incident and asserted that it has resulted in “no impact” on their operations or services. Nevertheless, cybersecurity experts have flagged significant risks, indicating that the contents of the breach extend beyond a typical data leak and may set the stage for future attacks.

The alleged breach includes highly sensitive assets such as source code, Microsoft Azure personal access tokens, storage access keys, RSA encryption data, SSH keys, and various configuration files. These elements, if misused, could allow bad actors to further infiltrate systems and compromise sensitive repositories or cloud-linked services. Security intelligence firm SOCRadar emphasized the risks posed by the exposed source code, stating that it can provide attackers with insights into internal application logic, expose implementation weaknesses, and highlight potential vulnerabilities within custom systems.

Accenture is not just any consulting firm; it advises numerous Fortune Global 500 companies on crucial aspects like digital transformation and artificial intelligence implementation. Serving a diverse clientele of approximately 9,000 global clients across over 120 countries, the potential ramifications of this breach could extend well beyond Accenture itself, serving as a potential launchpad for attackers targeting downstream customers.

In light of this breach, Accenture is moving forward with plans to acquire a majority stake in Dragos, a leading operational technology threat detection firm. Additionally, it aims to fully own two other cybersecurity-focused companies, runZero and NetRise, in transactions valued at approximately $4.2 billion. This indicates that even amidst the challenges posed by cyber threats, Accenture is committed to fortifying its cybersecurity infrastructure and offerings.

The firm has a history of encountering cyber incidents. In 2017, researchers uncovered four publicly accessible Amazon AWS S3 storage buckets that contained sensitive information concerning the Accenture Cloud Platform and the clients utilizing it. Then in 2021, the notorious LockBit ransomware group breached Accenture’s systems, threatening to publicly release an enormous 6 terabytes of stolen data.

With his history of targeting high-profile entities including Microsoft, IBM, and Samsung, the hacker known as 888 has been previously linked to claims of breaching Accenture through a third party, which involved the theft of data belonging to nearly 33,000 current and former employees. In various reports, it has been stated that over 70 attacks attributed to 888 have been recorded across multiple countries, lending credibility to his claims.

After serving as a moderator on a version of BreachForums, which was dismantled following the arrest of its operator, 888 has transitioned to a role on PwnForums, where he is allegedly selling data from the Accenture breach in exchange for cryptocurrency, specifically Monero (XMR).

To substantiate his claims, the hacker showcased a screenshot displaying shell commands that authenticated to an Azure DevOps Git server and included a request to the Azure DevOps REST API for a Git repository’s listings, subsequently cloning the repository to a local machine. This tangible evidence raised concern regarding the content stored in an Accenture folder, approximately 263MB in size, which was found to encompass around 88 top-level project directories largely comprised of Node.js and React web application code.

Experts noted that the folder referenced 127 environment (.env) files from varied environments, including production, staging, and development, alongside SQL database scripts, an SSL certificate archive, and numerous application configuration files. While the presence of these files demonstrates significant vulnerabilities, it remains to be confirmed whether they are indeed exposed to unwanted access.

Despite Accenture’s assertion regarding the breach’s scope, experts from SOCRadar have advised companies to take immediate action by rotating their credentials and rigorously reviewing log entries and repositories. Such proactive measures are crucial in mitigating the fallout and safeguarding against further attacks stemming from the breach.

Source link

Exit mobile version