Devastating Cyberattack on Email Provider Destroys 18 Years of Data

  /     /     /  
Publicated : 23/11/2024   Category : security


Devastating Cyberattack on Email Provider Destroys 18 Years of Data


All data belonging to US users—including backup copies—have been deleted in catastrophe, VFEmail says.



An unknown attacker appears to have deleted 18 years worth of customer emails, along with all backup copies of the data, at email provider VFEmail.
A note on the firms website Tuesday described the attack, first
reported by KrebsOnSecurity
, as causing catastrophic destruction.
This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can, the note read. VFEmail was established in 2001 and provides free and paid email services, including bulk email services in the US and elsewhere.
The attack, described in a series of tweets from the firm, seems to have occurred on Monday and had targeted all VFEmails externally facing servers across data centers. Though the servers were running different operating systems and not all shared the same authentication, the attacker managed to access each one and reformat them all the same.
The firm apparently caught the perpetrator in the middle of formatting a VFEmail backup server hosted in the Netherlands. But by that time, the attacker had already managed to form all disks on every other VFEmail server. Every VM is lost. Every file server is lost, every backup server is lost, according to one of the companys 
tweets
.
The attacker sent no ransom notes and appears not to have made any attempt at contacting VFEmail. The motive seems to have been just attack and destroy, the company 
said
.
Restoration
An update posted late Monday afternoon said the firm had restored webmail and was once again delivering incoming mail to users of its paid services. Mailboxes were being created upon new mail delivery. There is currently no delivery mechanism for free accounts, the update said.
The system used in the attack on the server hosted in the Netherlands had an IP address belonging to a service provider in Bulgaria. But besides that scrap of information, VFEmail did not appear to have any other information on the attacker or the attackers motives.
Several security experts are viewing the attack as an example of the devastating consequences of not having a well thought-out strategy for secure data backup and recovery.
This raises questions of what disaster recovery strategy was in place and why data wasnt backed up into cold storage, thus making it unavailable to attackers, said Fausto Oliveira, principal security architect at Acceptto. Companies with a strategy in place for dealing with such attacks should have been able to recover at least a substantial part of the deleted data, Oliveira said.
Chris Morales, head of security analytics at Vectra, said attacks that have such extreme consequences are rare and highlight the value of maintaining offline backups and archives of data.
Offline backups might not give a full restore to the exact date data was lost, but it would prevent the complete loss of all historical user data, he said. Many organizations have begun using offline backups to counter potential loss from ransomware, he noted.
Such attacks also highlight the need for proper authorization controls for access to critical data, says Balaji Parimi, CEO at CloudKnox Security, told Dark Reading. Just having a backup and disaster recovery plan is not sufficient, he says.
Organizations should also take care to avoid providing a single identity with complete administrative privileges on both primary and backup data, or having the ability to wipe data from multiple servers, he says. Proper authorization controls need to be in place to mitigate these types of risks and reduce the blast radius, Parimi says.
Related Content:
Are You Listening to Your Kill Chain
?
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
Client-Side DNS Attack Emerges From Academic Research
6 Ways to Anger Attackers on Your Network
 
 
 
 
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News

▸ Feds probe cyber breaches at JPMorgan, other banks. ◂
Discovered: 23/12/2024
Category: security

▸ Security Problem Growing for Dairy Queen, UPS & Retailers, Back off ◂
Discovered: 23/12/2024
Category: security

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Devastating Cyberattack on Email Provider Destroys 18 Years of Data