-
Figure Technology revealed that its systems were exposed to hackers because an employee got played in a social engineering scam.
-
As a result of the attack, cybercriminals were able to steal a “limited amount of files” with private information about Figure’s customers.
-
ShinyHunters posted a substantial amount of stolen data (2.5 gigabytes) earlier this week after Figure declined to pay a ransom.
On Friday, Figure Technologies announced that bad actors hacked their systems. Cyber thieves target the company just like they do to many others in the cryptocurrency space, looking for a way to access customer data stored on their blockchain platform.
The company issued a statement through Techcrunch confirming that the breach occurred as a result of a social engineering attack on one of our employees, causing an employee to divulge login credentials that allowed access to sensitive company files.
According to Alethea Jadick, Figure’s spokesperson, the attackers accessed the whole of the company’s records with those login credentials.
Hackers Publish Stolen Customer Data
ShinyHunters is the name of the bad gang that is claiming the attack against Figure for allegedly not paying up on their ransom demand. They posted 2.5 gigabytes of data on a release site on the dark web, which they stole from various companies, they stated.
his tactic of publishing stolen user records on underground forums has become a hallmark of modern cyber extortion, most recently seen when a French IT firm Réseau.site suffered a data breach as a hacker published user records directly for the dark web to exploit.
The group has a pattern of hacking into companies and holding their data ransom across a wide variety of industries. TechCrunch took a look at some of the leaked information and can confirm a large amount of stolen customer data posted to the site.
These included full names, birthdays, addresses, as well as telephone numbers. Thus, customers are at risk for ID theft and phishing schemes. Criminals with such sensitive information could go a long way in fraudulent activities.
Figure’s spokesperson confirmed the breach and did not, however, provide any leads regarding the number of affected customers. They did not explain the particular security protocol that failed or their actions after the breach alert.
This lack of transparency only frustrates security experts, as many believe that providing transparency will allow customers to protect themselves at a faster rate.
Part of a Larger Okta-Targeted Campaign
ShinyHunters described their attack against Figure as part of a larger coordinated effort targeting many other organizations, including the Ivy League universities of Harvard and Penn. All of these victimized organizations had in common the use of Okta’s single sign-on service for accessing multiple applications using only one username and password combination.
The hackers took advantage of the fact that they were able to log in to multiple applications by using their single sign-on account to log in to Figure as well. While single sign-on systems provide users with convenience by allowing them access to many applications using a single set of login credentials, they also provide hackers with a single point of failure to exploit.
Security experts say that this type of attack is one of the many recent trends in cyber attacks based on identity theft or impersonation. In these types of attacks, hackers compromise administrator accounts to bypass conventional security measures.
Once they have control over the organization’s single sign-on account, they can then log in to the many connections or downstream applications and/or internal systems they created with the use of their original administrator credentials.
This makes it extremely difficult for the affected organizations to perform cleanup after the incident. A single compromised account can give hackers access to come and go from entire networks.
The Growing Threat of Social Engineering
Figure’s recent breach illustrates what happens when one falls for a social engineering attack. One tricked employee welcomed the bad group. This reinforces the demand for a security strategy other than firewalls and antivirus software in a company to guard against these types of attacks.
Security professionals want companies to bring in phishing-resistant authentication methods. Hardware security keys are much more secure than just using passwords and provide a level of protection from an attacker using social engineering to gain remote access to a network.
Companies also must train their employees so that they know what to look for when they receive a suspicious request and how to verify the identity of someone who is requesting access.
Conducting regular security drills with employees can help them to identify social engineering attacks and resist these types of attacks.
This breach serves as a reminder to organizations that data security is dependent on both the talent of people and the technology installed to support them. Organizations must address and improve both elements to successfully protect customer data.
A challenge that mirrors the efforts of national agencies like those in South Korea, which is developing advanced technology to hunt dark web drug dealers and bring them to justice in an increasingly anonymous digital world.
