Leaked Credentials and Vulnerabilities Lead to Compromise

Several companies have been hacked in Norway the past few weeks (Intersport, NHH), and internationally we’ve seen the same (Intel, Canon, Garmin). River Security commented in the Norwegian news magazine Dagens Næringsliv regarding this.

Norwegian article: https://www.dn.no/teknologi/river-security/chris-dale/nhh/chris-dale-hjelper-bedrifter-rammet-av-losepengevirus-vi-betaler-ut-sa-mye-at-vi-sliter-med-a-skaffe-nok-bitcoin-pa-det-apne-markedet/2-1-854498

Google Translate in English: https://translate.google.com/translate?hl=&sl=no&tl=en&u=https%3A%2F%2Fwww.dn.no%2Fteknologi%2Friver-security%2Fchris-dale%2Fnhh%2Fchris-dale-hjelper-bedrifter-rammet-av-losepengevirus-vi-betaler-ut-sa-mye-at-vi-sliter-med-a-skaffe-nok-bitcoin-pa-det-apne-markedet%2F2-1-854498

Do we really pay criminals #ransom? Ideally, we would not, and we will investigate thoroughly before we do any kind of dealings with criminals. Sometimes however, customers have zero returns to normal operations, and when all other options are discussed, River Security investigates and negotiates with the criminals. Payment is never an easy option to conclude, but if payment is what decides if you go bankruptcy or not, would you let your organization be a martyr?

We recommend companies to consider they might’ve already been hacked. These companies getting hacked are not unique, and it is often pertaining lost usernames and passwords. Most companies we check already have leaked usernames and passwords from the past 6 months; credentials that are likely still working. Customers on our proactive digital attack surface monitoring solution get automatic notifications and proof-of-concepts of credentials which are leaked and that are still working in the enterprise, among many other things.