There have been many ransomware stories, but one of them concerns Deloitte UK. A collective that recently appeared under the name Brain Cipher claims to have extracted 1 terabyte of confidential Deloitte data since mid-2024.
What does this mean, and how did this happen?
The group has published Deloitte's data on a dark web leak site and demands that its ransom be met before 15 December. The leaked material reportedly includes corporate strategies, client financial documents and Deloitte's internal security data. If the claim is accurate, the leak will be a disaster for both Deloitte and its clients.
This is a reminder that even international consulting firms cannot evade cyber-attacks. Brain Cipher's mode of operation is sophisticated, and its ransomware is derived from LockBit 3.0.
Coordinated operations
1. Ingress - The attackers gain entry through phishing or with help from an initial access broker.
2. Payload deployment - The ransomware is delivered through mechanisms designed to look harmless, with the objective of evading detection.
3. System compromise - Security services are disabled and logs are deleted.
4. Double extortion - Data is encrypted and payment demanded, with the added threat of publishing the stolen data if the ransom is not paid.
Any of these stages may be the entry point an attacker uses.
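The "system compromise" stage above (security services disabled, logs deleted) is one a defender can detect from ordinary event logs. The following Python is an added example, not part of the original post or of any Deloitte or Brain Cipher material: it correlates a stop of a security service with a later log-clear event on the same host, using constructed Windows-style event records and an assumed list of security service names.

```python
from datetime import datetime, timedelta

# Constructed sample of Windows-style event records (not from the incident).
# Fields: timestamp, host, event_id, detail
SAMPLE_EVENTS = [
    ("2024-12-02T09:14:03", "WS-117", 4624, "logon user=jdoe"),
    ("2024-12-02T09:20:41", "WS-117", 7036, "service=WinDefend state=stopped"),
    ("2024-12-02T09:21:05", "WS-117", 7036, "service=Sense state=stopped"),
    ("2024-12-02T09:23:30", "WS-117", 1102, "The audit log was cleared"),
    ("2024-12-02T11:02:12", "SRV-04", 7036, "service=Spooler state=stopped"),
    ("2024-12-03T08:00:00", "SRV-04", 1102, "The audit log was cleared"),
]

# Assumed set of security service names to watch (adjust to your estate).
SECURITY_SERVICES = {"WinDefend", "Sense", "MsMpSvc"}
LOG_CLEARED_IDS = {1102, 104}   # Security log cleared, System log cleared
SERVICE_STOPPED_ID = 7036       # service entered the stopped state
WINDOW = timedelta(minutes=30)  # how close the two events must be


def parse_service(detail):
    """Return the service name from a 7036-style detail string, or None."""
    for token in detail.split():
        if token.startswith("service="):
            return token.split("=", 1)[1]
    return None


def find_defense_evasion(events, window=WINDOW):
    """Flag hosts where a security service stop is followed by a log clear
    within `window`. Returns a list of (host, stopped_service, clear_time)."""
    stops = {}      # host -> list of (time, service) for security service stops
    findings = []
    for ts, host, eid, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if eid == SERVICE_STOPPED_ID:
            svc = parse_service(detail)
            if svc in SECURITY_SERVICES:
                stops.setdefault(host, []).append((when, svc))
        elif eid in LOG_CLEARED_IDS:
            for stop_time, svc in stops.get(host, []):
                if timedelta(0) <= when - stop_time <= window:
                    findings.append((host, svc, ts))
    return findings


if __name__ == "__main__":
    for host, svc, ts in find_defense_evasion(SAMPLE_EVENTS):
        print(f"ALERT host={host} service={svc} stopped before log clear at {ts}")
```

Only WS-117 is flagged: SRV-04 stopped a non-security service, and its log clear has no preceding security service stop inside the window.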
Conclusion and Lessons Learned:
The nature of the attack shows a high level of attacker sophistication. A defense-in-depth approach will be required, consisting of:
1. Proactive Threat Monitoring: Scan for vulnerabilities and perform penetration tests on the systems, and resolve every vulnerability identified.
2. Zero Trust Architecture: A zero-trust architecture prevents unauthorized access as well as lateral movement across the network.
3. Incident Response Planning: A tested incident response plan minimizes the damage an attacker can cause.
4. Data Encryption: Encrypting data at rest means that even data which is exfiltrated is unusable to the attacker.
5. Employee Education: Firm-wide, continuous training so that staff stay alert to phishing and other suspicious activity.
In the following weeks, Deloitte will be conducting intense damage mitigation activities and strengthening client communication. This incident shows the hard truth of the current state of corporate cybersecurity, where vigilance must be raised again and again. It further shows that adequate preparation and resilience are needed to reduce the impact of threats that are bound to arrive sooner than one would like to expect.