“Modern attackers are risk-averse and profit-oriented.”
PCM a California-based hardware and cloud services provider has confirmed that it was hacked. During the attack, threat actors accessed files belonging to the company’s clients that were held in the firm’s Office 365 file share database. Access to the company’s Office 365 network appears to be the source of the breach.
The breach was first reported by cybersecurity researcher and reporter Brian Krebs who was informed by a security expert working for one of PCM’s clients that the attackers seemed to be looking for data that could be used to initiate a gift card fraud attack against PCM customers like retailers and financial institutions
It is believed that the breach occurred during May of 2019.
Gift card fraud typically involves a cybercriminal obtaining the username and password to a person’s credit card rewards program, usually through reused credentials or malware. It is lucrative, easy, and has low prosecution rates.
In statement with Krebs the company confirmed that it “recently experienced a cyber incident,” but it believed that the breach was limited in nature and it is on course to mitigate all risks to clients: “The incident did not impact all of PCM customers; in fact, investigation has revealed minimal-to-no impact to PCM customers.”
“To the extent any PCM customers were potentially impacted by the incident, those PCM customers have been made aware of the incident and PCM worked with them to address any concerns they had,” noted PCM.
PCM Hacked: Gift Card Fraud the Intention?
US-based PCM has nearly 4,000 employees and works with over 2,000 clients. Last year PCM took in roughly £1.7 billion in revenue.
The company is a multi-vendor technology service provider for an array of organisations, including federal governments and educational institutions across the United States, Canada and the United Kingdom.
PCM has offices in 40 locations across the world.
In an emailed statement to Computer Business Review Ilia Kolochenko, founder and CEO of cyber security firm ImmuniWeb, commented: “Modern attackers are risk-averse and profit-oriented. They won’t waste scarce resources and take the risks in frontal attacks on your castle, but will rather silently get in with one of your external suppliers or services providers.”
“Nowadays, trusted third-parties often have virtually unlimited and uncontrolled access to the crown jewels of many large companies and organizations. Without sufficient capacities to invest in their own cybersecurity, they are a low-hanging fruit for cybercriminals. Growing competition forces many cloud providers to cut their internal costs in order to stay competitive thereby inevitably exacerbating the situation.”
“Worse, many cloud providers don’t have sufficient capacities to detect sophisticated, long-lasting breaches and APTs, most of which eventually remain undetected and uninvestigated. What we see in the media is just the tip of the iceberg.”