Coca-Cola has been hacked, and the attackers (Stormous) have claimed to have stolen 161 GB of data. For reference, a five-page paper is 100KB. It would take 1,610,000 five-page papers to equal 161 GB. What was stolen, exactly? Paul Brito (2022) highlights account data, plain-text password files, financial data, and payment data. I am linking a snippet for your reference.
Who is Stormous? That is the interesting piece of this attack (aside from another major company getting robbed once again). Stormous is a pro-Russian cyber-attack group that is in support of the Russian-Ukraine war. They have claimed the attack on the Ministry of Foreign Affairs; Trustwave SpiderLabs (2022) reports “…allegedly obtaining and making public phone numbers, email addresses, and national identity cards”.
Stormous is planning to sell the information gathered from Coca-Cola. On the surface, this attack sounds like it could be espionage, since it has pieces of politically motivated actions. I do believe this attack was purely based on financial gain. Typically, in an attack like this, the data is either taken, with the attackers claiming ownership and never being heard from again, or it is released for the public to access. Here we observe Stormous planning to sell the findings (and already selling portions) to the highest bidder. According to Vilius Petkauskas (2022): “We hacked some of the company’s servers and passed a large amount of data inside them without their knowledge, and we want to sell it to someone else”. And did they get paid? Absolutely: a sum of 1.6467 Bitcoin or $64,396.67 (13 files sold).
The breach raises the question: how are all these large corporations being hacked? Truly, it’s a matter of cost (in my opinion); no matter the advice, the money you spend or the high talent you hire, it’s a matter of time before you will be hacked. The number of critical systems being breached won’t be reduced until leadership changes the way they view cybersecurity (it’s a crucial piece of business operations). The goal for these organizations is not to be 100% hack-proof but to be 100% sure they can sustain the hack and that the information leaked won’t be data that could seriously damage the organization, such as passwords and financial information.
My take on this story: it is probably a good idea to stop using a .txt file to store “passwords” and to use least privilege to prevent a single breach from crossing the boundaries of account, financial data and network files.
References
Vilius Petkauskas (April 26, 2022) Russia-Linked Hackers Claim to Have Breached Coca-Cola Company. Accessed: April 29, 2022. https://cybernews.com/cyber-war/russia-linked-hackers-claim-to-have-breached-coca-cola-company/
Paul Brito (April 25, 2022) Grupo Stormous Anuncia Dados Atribuidos a Coca Cola. Accessed: April 29, 2022. https://www.cisoadvisor.com.br/grupo-stormous-anuncia-dados-atribuidos-a-coca-cola/
Trustwave SpiderLabs (April 29, 2022) Stormous: The Pro-Russian, Clout-Hungry Ransomware Gang Targets the US and Ukraine. Accessed: April 29, 2022. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/stormous-the-pro-russian-clout-hungry-ransomware-gang-targets-the-us-and-ukraine/