October 1, 2022

COSFONE

Networking, PBX, IT, DIY Solution

AMD 450Gb data stolen because employee set password to “123456”?

Reality shows that life is often far more outrageous than a joke: because an employee set a password to “123456”, a company leaked 450Gb of data. It sounds bizarre, but it actually happened at the chip giant AMD.

Last week, a ransomware group called RansomHouse claimed to have stolen 450Gb of data from AMD, all thanks to “weak passwords set by AMD employees.”

1. Not “ransomware groups”, but “professional mediators”

RansomHouse became active as early as December 2021, when it leaked data from Canada’s Saskatchewan Liquor and Gaming Authority (SLGA), which made it an “instant hit”.

Compared to other cybercriminal organizations, RansomHouse is somewhat “special”. It does not consider itself a “ransomware group”, but instead defines itself as a “professional mediator” and says it has never produced ransomware or encrypted data:

We are not involved in any breach, nor do we produce or use any ransomware. Our main goal is to minimise possible damage to the parties involved. RansomHouse members prefer common sense, good conflict management, and sensible negotiation to work towards fulfillment of each party’s obligations, rather than unconstructive arguments. These are the necessary and sufficient principles necessary to bring about friendly agreements, and even fruitful friendly cooperation.

However refined this self-introduction sounds, RansomHouse keeps stealing data from one company after another: no sooner had it claimed to have obtained 600 GB of data from Shoprite, Africa’s largest retailer, than it was already teasing its next victim by posting a riddle on Telegram:

We have prepared a new surprise! First, there’s a little puzzle for you: the first person to solve it will get the relevant link. So, please name this company:

1) Almost everyone knows

2) The name consists of 3 letters

3) The first letter is A

Just write your guesses on this channel and you’ll get the link in a private email later.

Then a week later, RansomHouse announced the answer: AMD, adding that “you’ll be amazed at how well they keep it safe.”

2. “It’s all thanks to these passwords”

According to RansomHouse, it successfully compromised AMD’s internal network as early as January 2022, stealing “over 450 Gb” of data. To back up the claim, RansomHouse also released a data sample as evidence, which includes network files, system information, and weak password documents.

RansomHouse wrote on its website: “This is an era of high technology, progress and high security, and this saying means a lot to people. But when tech giants like AMD use simple passwords like ‘password’ to protect its network from being hacked, that statement still seems to be a superficial beauty. Sadly, this is the real password used by AMD employees, and even more humiliating for the AMD security department, due to the files we stole, they also got a lot of money for construction – all thanks to these weak passwords.”

RansomHouse’s claim was thought to be an “exaggeration,” but according to TechCrunch’s analysis of its public data samples, RansomHouse wasn’t kidding: some AMD employees did use overly simple passwords such as “password,” “123456,” and “Welcome1”, which makes it easy for hackers to break into AMD’s internal systems.

What is even more puzzling: does a chip giant like AMD perform no security checks on its systems to ensure employees use strong passwords? Or are no additional steps required to enter AMD’s internal systems, just a password?

“AMD and any high-tech company should require multi-factor authentication against phishing for all logins. If MFA cannot be used, strong and unique passwords should also be required,” said Roger Grimes, an expert from KnowBe4, a security awareness training platform. “It’s ironic that AMD employees are still using passwords like ‘password’ to access critical networks, which is really incomprehensible.”
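The missing check questioned above, a system that never tests whether a chosen password is guessable, can be enforced when the password is set. The sketch below is an added example, not part of the original article and not any AMD system: it shows that a classic complexity rule accepts “Welcome1”, while a blocklist comparison after normalisation rejects it. The blocklist, function names and sample passwords are constructed for illustration.

```python
import re
import unicodedata

# Constructed sample blocklist: base words behind the passwords named in the
# article plus a few other common ones. A real deployment would load a large
# breached-password corpus instead.
BLOCKLIST = {"password", "123456", "welcome", "qwerty", "letmein", "admin"}

# Undo common character substitutions before comparing against the blocklist.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def passes_complexity(pw: str) -> bool:
    """Classic composition rule: 8+ chars with upper, lower and a digit."""
    return (len(pw) >= 8
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"\d", pw) is not None)


def candidates(pw: str) -> set[str]:
    """Normalised forms of pw that are compared with the blocklist."""
    base = unicodedata.normalize("NFKC", pw).casefold()
    stripped = re.sub(r"[\d\W_]+$", "", base)  # drop trailing digits/symbols
    forms = {base, stripped, base.translate(LEET), stripped.translate(LEET)}
    return {f for f in forms if f}


def screen(pw: str, username: str = "") -> list[str]:
    """Return the reasons pw is rejected; an empty list means accepted."""
    reasons = []
    if len(pw) < 8:
        reasons.append("too short")
    forms = candidates(pw)
    if forms & BLOCKLIST:
        reasons.append("common password")
    if username and username.casefold() in forms:
        reasons.append("matches username")
    if re.fullmatch(r"(.)\1+", pw):
        reasons.append("single repeated character")
    return reasons
```

Note that the composition rule alone gets both cases wrong: it accepts “Welcome1” and “P@ssw0rd!” but rejects a long passphrase, which is why the screening step is the one that matters.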

3. AMD: Currently investigating

On the day RansomHouse revealed the “mystery”, AMD responded: “AMD is aware of criminals claiming to have data stolen from AMD and is currently investigating.” AMD refused to answer questions such as whether its systems had been accessed and whether password security measures had been set up.

The “victims” list on the RansomHouse homepage has six entries now that AMD has been added, and the two most recent are Shoprite and AMD.

Furthermore, judging from RansomHouse’s description of the list, its main purpose in stealing data is money: “These companies either believe that their financial interests outweigh the interests of entrusting the data to others, or they choose to withhold the fact that their data has been leaked.”

But instead of contacting AMD directly for a ransom, RansomHouse intends to sell the data to other entities or to AMD’s competitors, as it would be “more valuable,” according to BleepingComputer.

Finally, what are your thoughts on AMD’s data breach due to employees’ weak passwords?

Reference link:

https://www.bleepingcomputer.com/news/security/amd-investigates-ransomhouse-hack-claims-theft-of-450gb-data/

RansomHouse extortion group claims AMD as its latest victim


