A digital intrusion at PCM Inc., a
major U.S.-based cloud solution provider, allowed hackers to access email and
file sharing systems for some of the company’s clients.
El Segundo, California based PCM [NASDAQ:PCMI]
is a provider of technology products, services and solutions to businesses as
well as state and federal governments. PCM has nearly 4,000 employees, more
than 2,000 customers, and generated approximately $2.2 billion in revenue in
2018.
Sources say PCM discovered the intrusion in mid-May 2019. Those sources say the attackers stole administrative credentials that PCM uses to manage client accounts within Office 365, a cloud-based file and email sharing service run by Microsoft Corp.
One security expert at a PCM customer who was recently notified about the incident said the intruders appeared primarily interested in stealing information that could be used to conduct gift card fraud at various retailers and financial institutions.
In that respect, the
motivations of the attackers seem similar to the goals of intruders who breached Indian IT outsourcing giant Wipro Ltd. earlier
this year. In April, Krebs Security broke the news that the Wipro intruders
appeared to be after anything they could quickly turn into cash, and used their
access to
It’s unclear whether PCM was a
follow-on victim from the Wipro breach, or if it was attacked separately. As
noted in that April story, PCM was one of the companies targeted by the same
hacking group that compromised Wipro. The
intruders who hacked into Wipro set up a number of domains that appeared
visually similar to that of Wipro customers, and many of those customers
responded to the April Wipro breach story with additional information about
those attacks.
PCM
never did respond to requests for comment on that story. But in a statement
shared to a IT firm on 19 June 2019 , PCM said the company “recently
experienced a cyber incident that impacted certain of its systems.”
“From
its investigation, impact to its systems was limited and the matter has been
remediated,” the statement reads. “The incident did not impact all of PCM
customers; in fact, investigation has revealed minimal-to-no impact to PCM
customers. To the extent any PCM customers were potentially impacted by the
incident, those PCM customers have been made aware of the incident and PCM
worked with them to address any concerns they had.”
On June 24, PCM announced it was in the process of being acquired by
global IT provider Insight Enterprises [NASDAQ:NSIT]. Insight
has not yet responded to requests for comment.Earlier this week, cyber
intelligence firm RiskIQ published a lengthy analysis of the hacking group that targeted
Wipro, among many other companies. RiskIQ says this group has been active since
2016 and posits that the hackers may be targeting gift card providers because
they provide access to liquid assets outside of the traditional western
financial system.
The breach at PCM is just the
latest example of how cybercriminals increasingly are targeting employees who
work at cloud data providers and technology consultancies that manage vast IT
resources for many clients. On Wednesday, Reuters published a lengthy story on “Cloud Hopper,” the nickname given to a network of Chinese
cyber spies that hacked into eight of the world’s biggest IT suppliers between
2014 and 2017.
Best Regards ,
Web Admin
LATVIK SECURE
LATVIK TECHNOLOGIES ™
www.latvikhost.com | https://latviksecure.blogspot.com 