OVH hack prompts calls for tigher system admin security controls

Web hosting firm confirms European database breach.

The multi-stage cyber attack carried out against web hosting giant OVH has prompted calls for firms to tighten up security access to privileged accounts.

The French firm confirmed this week that an email account belonging to one of its system administrators was breached by hackers, allowing them to gain access to its European customer database.

Advertisement - Article continues below

We were not paranoid enough so now we're switching to a higher level of paranoia.

The hackers also acquired access to the firm's installation server system in Canada.

In a post on the company's web forum, OVH said the European database contains the names, addresses, telephone numbers and encrypted passwords of its customers, but no credit card information.

The company said it would take a lot of "technical means" for hackers to recover the "salted" passwords, but as a precaution it is encouraging its customers to reset them anyway.

The database breach resulted from the hackers using the system admin's email account to gain access to another employee's internal VPN, which in turn allowed them to take control of the person who handles the firm's internal back office systems.

The hack has prompted an overhaul of OVH's internal security policies, the post confirmed, including the introduction of automatically generated passwords for employees and the creation of a new VPN with highly restricted access.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Consulting internal emails is now only possible from the office/VPN," the post continued.  "All those who have critical access now have three verification levels: IP source, password, [and a] staff USB security token," it added.

OVH said it has filed a criminal complaint about the incident to the judicial authorities.

"In the coming months the back office will be under PCI-DSS, which will allow us to ensure the incident related to a specific hack on specific individuals will have no impact on our databases," it said.

"In short, we were not paranoid enough so now we're switching to a higher level of paranoia. The aim is to guarantee and protect your data in the case of industrial espionage that would target people working at OVH."

Sol Cates, chief security officer at database encryption vendor Vormetric, said system admins are a common target for hackers because it makes delving deeper into the company's IT infrastructure much easier.

Advertisement - Article continues below

"By taking over the access rights of someone already on the system, hackers are able to easily circumvent the traditional perimeter defences that would have once foiled their efforts, and gain access to the corporate network," Cates explained.

"It's time to limit what impact these accounts have within our walls, to reduce exposure to data, detect activity, while allowing them to continue to perform their expected functions. 

"A layered approach, where data is firewalled' with sophisticated encryption and buffered by security intelligence capable of detecting this type of malicious and anomalous behaviour, is essential," Cates added.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
Microsoft Azure Digital Twins previews new features
Cloud

Microsoft Azure Digital Twins previews new features

30 Jun 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020