Michael Page Data Breach: 780K Email Addresses Exposed

This week we look at how 780k email addresses were exposed in the Capgemini leak of Michael Page data, and how Russian hackers targeted think tanks after the election.

Breach

780k Email Addresses Exposed in Capgemini Leak of Michael Page Data

Michael Page, a global recruitment firm, has reported a leak of job-related information, including names, email addresses, encrypted passwords, cover letters and job history, belonging to roughly 780,000 of the firm's employment candidates. Capgemini, the company to which Michael Page outsources its IT services, is reported to have inadvertently left a Michael Page server publicly accessible.

The leak was brought to Michael Page's attention by security researcher Troy Hunt, and because it was disclosed by a researcher rather than discovered through abuse, Michael Page believes the leaked MySQL data dump is unlikely to have been misused. That is an assumption, not evidence: the backup was reachable without authentication, so anyone who knew where to look could have downloaded the files before it was reported, and a lack of known misuse is not proof that nobody else did.

References: The Capgemini Leak of Michael Page Data via Publicly Facing Database Backup | Capgemini Leaks Data of Recruitment Firm PageGroup | Over 780k Email Addresses Reportedly Exposed in Capgemini Leak of Michael Page Data

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures and network anomaly detection, with the caveat that no intrusion was needed here: the backup was served to anyone who asked for it, so the signal to look for is an unusual bulk download from a host that normally serves little traffic, not an exploit
  • Web application firewall to detect and block exfiltration of files, including direct requests for archive and SQL dump files that the site never intentionally serves
  • Log management to surface suspicious access to sensitive files or unexpected user account activity
  • Security Operations Center team providing 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection
  • Vulnerability and exposure scanning of Internet-facing hosts to find publicly reachable database backups, open directory listings and servers that were never meant to be public before someone else does
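The last bullet is the one that would have caught this incident directly, so here is an added example of what such an exposure check looks like. This is illustrative code written for this article, not code from the original page, from Michael Page or from Capgemini. It probes a host for common dump and backup paths and confirms each hit by content signature (a MySQL dump header, gzip or zip magic, or an open directory listing) rather than trusting a 200 status, because many servers answer unknown paths with an HTML "not found" page. The path list, the host name example.test and the sample responses are constructed so the script runs offline; point http_fetch at your own hosts to use it for real.

```python
"""Check Internet-facing hosts for publicly reachable database backups.

Added example, not code from the original article or from Michael Page or
Capgemini.  The incident above was a MySQL backup left on a publicly facing
server, so this script probes a host for common dump and backup paths and
confirms each hit by content signature rather than by HTTP status alone.
The path list, the host name and the sample responses are constructed.
"""
import gzip
import urllib.error
import urllib.request
import zlib
from typing import Callable, Dict, List, Optional, Tuple

# Where dumps are commonly left behind (hypothetical list; extend it with the
# file names your own backup tooling produces).
BACKUP_PATHS = ["/backup.sql", "/backup.sql.gz", "/dump.sql", "/db.sql",
                "/backup/", "/backups/", "/database.zip", "/site.tar.gz"]

Response = Tuple[int, bytes]            # (HTTP status, first bytes of the body)
Fetcher = Callable[[str], Response]


def http_fetch(url: str, max_bytes: int = 4096) -> Response:
    """Fetch only the first max_bytes of a URL; never pull the whole dump."""
    req = urllib.request.Request(url, headers={"Range": f"bytes=0-{max_bytes - 1}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read(max_bytes)
    except urllib.error.HTTPError as err:
        return err.code, b""
    except OSError:
        return 0, b""


def classify(status: int, body: bytes) -> Optional[str]:
    """Label an exposed backup, or return None when nothing is exposed.

    A 200 alone proves nothing: many servers answer unknown paths with an
    HTML 'not found' page (soft 404), so the body is checked for a real
    SQL dump or archive signature.  An open directory listing is reported
    too, because it advertises the backup names an attacker should try.
    """
    if status not in (200, 206):
        return None
    if body.startswith(b"-- MySQL dump"):
        return "mysql-dump"
    if body.startswith(b"\x1f\x8b"):                     # gzip magic
        # Decompress whatever prefix we have and look inside the archive.
        inner = zlib.decompressobj(16 + zlib.MAX_WBITS).decompress(body)
        return "gzip(mysql-dump)" if inner.startswith(b"-- MySQL dump") else "gzip"
    if body.startswith(b"PK\x03\x04"):                  # zip magic
        return "zip"
    if b"index of /" in body.lower():                    # Apache/nginx autoindex
        return "directory-listing"
    return None                                          # soft 404, login page, etc.


def scan(host: str, fetch: Fetcher = http_fetch,
         paths: List[str] = BACKUP_PATHS) -> List[Tuple[str, str]]:
    """Probe every path on host; return [(url, finding)] for confirmed exposures."""
    findings = []
    for path in paths:
        url = f"https://{host}{path}"
        label = classify(*fetch(url))
        if label:
            findings.append((url, label))
    return findings


# Constructed responses standing in for a live host, so the example runs offline.
SAMPLE_RESPONSES: Dict[str, Response] = {
    "https://example.test/backup.sql": (200,
        b"-- MySQL dump 10.13  Distrib 5.7.16, for Linux (x86_64)\n-- Host: localhost    Database: candidates\n"),
    "https://example.test/backup.sql.gz": (200,
        gzip.compress(b"-- MySQL dump 10.13  Distrib 5.7.16\n-- Table structure for table `users`\n")),
    "https://example.test/dump.sql": (200,                                    # soft 404
        b"<html><head><title>Page not found</title></head><body>Sorry, nothing here.</body></html>"),
    "https://example.test/backups/": (200,
        b"<html><head><title>Index of /backups</title></head><body><a href=\"db-2016-11-01.sql.gz\">..</a></body></html>"),
}


def sample_fetch(url: str) -> Response:
    """Offline stand-in for http_fetch that serves the constructed responses."""
    return SAMPLE_RESPONSES.get(url, (404, b""))


if __name__ == "__main__":
    for url, finding in scan("example.test", fetch=sample_fetch):
        print(f"{finding:20} {url}")
```

Run against the constructed host, the script reports the plain dump, the gzipped dump and the open /backups/ listing, and correctly ignores /dump.sql, which returns 200 but is only an HTML error page. The Range header keeps each probe to a few kilobytes, which matters when the target really is a multi-gigabyte backup.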

Malware

Russian Hackers Target Think Tanks Post-Election

Several U.S. political think tanks and non-governmental organizations (NGOs) have been targeted by a sophisticated phishing campaign. The group believed responsible is the Russian hacking group Cozy Bear. The phishing emails purport to deliver documents revealing flaws in the American election and were sent from accounts posing as Clinton Foundation staffers, from Gmail accounts, and from compromised Harvard.edu email addresses. The messages are intended to trick victims into opening download links and attachments that install malware. Once installed, the malware can survey and control the infected system and download additional malicious files designed to evade antivirus protection.

References: Russian Hackers Launch Targeted Cyberattacks Hours After Trump’s Win | Suspected Russian Hackers Target U.S. Think Tanks After Election | Russian Hackers Target Think Tanks In Post-Election Attacks

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures to detect intrusion and network anomalies, including the second-stage downloads the malware makes after installation
  • Mail filtering to scan incoming attachments and hyperlinks for malicious links or code, with the caveat that some of these lures came from compromised Harvard.edu mailboxes, so sender reputation alone will not stop them and the content of links and attachments has to be inspected
  • FIM solution to detect any type of file modification or addition left behind by an installer
  • Security Operations Center team providing 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection
  • User awareness that unexpected document links and attachments are the delivery vector here, even when the sender looks plausible
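To make the mail-filtering and awareness points concrete, here is an added example of a message triage script. It is illustrative code written for this article, not code from the original page or from any of the cited reports. It parses a raw RFC 5322 message and flags the traits the campaign description above points to: a display name claiming an organisation while the address sits elsewhere (a freemail account posing as Clinton Foundation staff), a Reply-To steering replies to a third domain, links whose visible text names a different host than the real target, and attachments with executable or archive extensions. The sample message, the organisation-to-domain table and every domain in it are constructed; nothing here is taken from the real lures.

```python
"""Triage an inbound message for the lure traits described above.

Added example, not code from the original article or from any of the cited
reports.  The think-tank lures arrived as document links and attachments
from plausible senders (Gmail accounts and compromised Harvard.edu mailboxes
posing as Clinton Foundation staff).  This script parses a raw RFC 5322
message and flags: a display name claiming an organisation while the address
is elsewhere, a Reply-To steering replies to a third domain, links whose
visible text names a different host than the real target, and attachments
with executable or archive extensions.  The sample message and the
organisation-to-domain table are constructed; all domains are example/test
names.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from typing import Dict, List
from urllib.parse import urlparse

RISKY_EXT = {".exe", ".scr", ".js", ".jse", ".vbs", ".hta", ".lnk",
             ".zip", ".rar", ".7z", ".iso", ".docm", ".xlsm"}
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Hypothetical: organisation names a lure might claim, mapped to the domain
# that organisation really mails from.  Populate from your own contact data.
CLAIMED_ORGS: Dict[str, str] = {"clinton foundation": "clintonfoundation.test"}

HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw: bytes) -> List[str]:
    """Return human-readable findings; an empty list means no lure traits were seen."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings: List[str] = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)

    # 1. Display name claims an organisation the sending domain does not belong to.
    for org, real_dom in CLAIMED_ORGS.items():
        if org in name.lower() and from_dom != real_dom:
            findings.append(f"display-name impersonation: '{name}' sent from {from_dom}")
    if from_dom in FREEMAIL:
        findings.append(f"freemail sender: {addr}")

    # 2. Reply-To points somewhere other than the From domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        findings.append(f"reply-to mismatch: {from_dom} -> {_domain(reply)}")

    # 3. Anchor text shows one host while the href goes to another.
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        for href, text in HREF_RE.findall(html.get_content()):
            target = (urlparse(href).hostname or "").lower()
            shown = HOST_RE.search(re.sub(r"<[^>]+>", "", text))
            if shown and shown.group(1).lower() != target:
                findings.append(f"link text '{shown.group(1)}' points at {target}")

    # 4. Attachments of types that execute, or that wrap something that does.
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        ext = ("." + fname.rsplit(".", 1)[-1].lower()) if "." in fname else ""
        if ext in RISKY_EXT:
            findings.append(f"risky attachment: {fname}")
    return findings


# Constructed sample lure; not a real message from the campaign.
SAMPLE_EML = b"""\
From: "Clinton Foundation Press Office" <press.office.cf@gmail.com>
Reply-To: <dropbox@relay.example>
To: analyst@thinktank.test
Subject: Election irregularities - internal analysis
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Full report: <a href="http://files.download.example/report.zip">clintonfoundation.test/report</a></p></body></html>
--b1
Content-Type: application/zip; name="report.zip"
Content-Disposition: attachment; filename="report.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_EML):
        print(finding)
```

On the constructed sample the script returns five findings, one per trait. None of these checks is a verdict on its own; a real mail filter would weight them and combine them with URL and attachment detonation. The point is that every one of them is visible in the message itself, which is what remains when the sending mailbox is a legitimate, compromised account that passes reputation and authentication checks.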

Top 20 Malicious IP Addresses

212.71.253.43
188.118.2.26
81.183.56.217
46.109.168.179
118.170.130.207
115.28.128.165
93.174.94.71
183.60.48.25
114.215.173.122
80.82.65.207
94.102.51.226
80.82.70.133
93.174.93.219
220.142.194.145
114.44.192.128
80.82.65.212
185.56.82.22
118.184.40.215
93.174.93.221
61.240.144.65

*IP addresses provided by Recorded Future.