Today’s Topics:

• Vendor Security Failures: Amazon’s Employee Data Exposed in MOVEit Attack Fallout
• Halliburton Faces $35 Million Loss After Major Ransomware Attack
• How can Netizen help?

Vendor Security Failures: Amazon’s Employee Data Exposed in MOVEit Attack Fallout

Amazon has confirmed a breach of its employee data following a leak connected to the MOVEit Transfer vulnerability exploited in May 2023. This breach, which affected various companies, saw the threat actor, known as “Nam3L3ss,” release Amazon employee information on a hacking forum. The leaked data included employee names, email addresses, building locations, and other contact details, but Amazon noted that more sensitive information—such as Social Security numbers and financial data—was not compromised.

The breach originated not from Amazon’s internal systems but from a third-party property management vendor that had access to limited Amazon employee information. According to Amazon spokesperson Adam Montgomery, the compromised data was restricted to employee contact information, and Amazon’s systems remain secure. This situation underscores the risks associated with third-party vendors, as organizations often rely on external service providers for specialized tasks, such as property management, which can introduce vulnerabilities if not properly secured.

The MOVEit vulnerability exploited by the Clop ransomware gang has had far-reaching consequences, impacting over 25 other companies, including major corporations like Lenovo, McDonald’s, and HSBC. Clop targeted the MOVEit Transfer platform, a widely used secure file transfer solution in enterprise settings, exploiting a zero-day flaw over the Memorial Day weekend in 2023. Nam3L3ss, who is reportedly involved in these leaks, claimed to have harvested extensive amounts of data from internet-exposed resources and ransomware leak sites. This trove now includes data from organizations beyond Amazon, demonstrating the extensive impact of the MOVEit breach and the interconnected risks across supply chains.

Nam3L3ss reportedly gathered data from a variety of sources, including databases exposed on the internet, such as those on AWS and Azure. The scale of this breach highlights the need for organizations to monitor third-party cybersecurity practices and secure vendor relationships, especially as ransomware actors increasingly target third-party vulnerabilities to gain access to sensitive data.

Third-party risk management, particularly for SMBs with limited resources, requires careful vendor assessment and monitoring to mitigate similar risks.

To read more about this article, click here.

Halliburton Faces $35 Million Loss After Major Ransomware Attack

In August 2024, Halliburton, a leading energy services company, disclosed a significant ransomware attack that ultimately cost the company $35 million. As a major player in oil and gas services, Halliburton operates globally across 70 countries and employs roughly 48,000 individuals. After detecting the breach, Halliburton took immediate action to secure its systems, shutting down parts of its IT infrastructure, which temporarily disrupted some customer connections and affected revenue.

An SEC filing in August confirmed the breach’s details and clarified that an unauthorized third party had accessed sensitive company systems. Shortly afterward, it was revealed that the RansomHub ransomware group was responsible for the attack, having successfully stolen data from Halliburton’s network. The company has not disclosed exactly what information was compromised, but it remains under investigation.

Despite the disruption, Halliburton reported a $0.02 per share impact on third-quarter earnings, largely attributed to lost revenue from both the cyber incident and unrelated weather events in the Gulf of Mexico. CEO Jeff Miller stated that these incidents would not significantly impact Halliburton’s overall financial health or expectations for the year, suggesting that revenue growth and shareholder returns are expected to continue as planned into the fourth quarter.

Future financial implications could arise if sensitive client data is leaked or sold. Such scenarios might expose Halliburton to further costs due to potential lawsuits and compliance liabilities related to data privacy.

To read more about this article, click here.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.