Hackers Target U.K. Shipping Giant Clarkson

itman · Nov 29, 2017

So much for SRP/GP restrictions.

Clarkson, one of the world’s largest providers of shipping services, informed the public on Tuesday that it has suffered a security breach and the hackers may release some data taken from its systems.

Clarkson provided only few details citing the ongoing law enforcement investigation, but the information it made public suggests that it was targeted by cybercriminals who tried to get the company to pay a ransom in order to avoid having its data leaked online.

The shipping giant said the attackers gained access to its systems using a single compromised user account, which has been disabled following the incident.
Click to expand...

http://www.securityweek.com/hackers-target-uk-shipping-giant-clarkson

Minimalist · Nov 30, 2017

itman said: ↑

So much for SRP/GP restrictions.

http://www.securityweek.com/hackers-target-uk-shipping-giant-clarkson
Click to expand...

Did you find information somewhere if they employed such restrictions? Also, did they follow principle of least privilege?

itman · Nov 30, 2017

Minimalist said: ↑

Did you find information somewhere if they employed such restrictions?
Click to expand...

No. I assumed from the "compromise user account" statement, they elevated privileges from that access.

guest · Jul 31, 2018

Shipping Firm Avoids Customer Data Dump in Last Year's Hack & Ransom Incident
July 31, 2018
https://www.bleepingcomputer.com/ne...-dump-in-last-years-hack-and-ransom-incident/

The incident isn't a new revelation, as the company has already come clean about the hack last year, in a security alert published on November 29, 2017.
Hacker breached company via a lone user account
In an update regarding the incident published today, Clarksons finally revealed more details about the breach.

According to this document, Clarksons said it learned of the hack on November 7 last year, when it discovered that "an unauthorized third party accessed certain Clarksons' computer systems in the UK, copied data, and demanded a ransom for its safe return."
Company says it traced and recovered the stolen data
The company also claims that "through the investigation and legal measures" they were "able to successfully trace and recover the copy of the data that was illegally copied from its systems."

The company denied there was any "hacking back" involved in recovering the stolen data, and additionally added that they were "not in a position to provide any further information on the incident."
Click to expand...

Log in or Sign up

Hackers Target U.K. Shipping Giant Clarkson

itman Registered Member

Minimalist Registered Member

itman Registered Member

guest Guest

Log in or Sign up

Hackers Target U.K. Shipping Giant Clarkson

itman Registered Member

Minimalist Registered Member

itman Registered Member

guest Guest

Useful Searches