![]() ![]() (For example, a customer might request assistance regarding underexposed video scenes, and the support team would use a script to adjust the exposure compensation of the cameras.) The customer support server did not contain production systems or any source code. ![]() The Verkada support team used a customer support server for remote customer support on behalf of customers. We describe both below with the scope of data that was exposed. There were two systems directly involved in the attack. As an upper bound (worst case), we include all data on any systems accessed by the attacker, even if there was limited or no evidence that any data was exfiltrated. Our investigation set out to determine the upper bound of all possible unauthorized access to customer data and customer devices. ![]() The federal grand jury indictment alleges that Kottmann is a Swiss computer hacker who has hacked dozens of companies and government agencies and has purportedly leaked internal files and records of more than 100 entities. Department of Justice announced that a federal grand jury had indicted Kottmann for conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, and aggravated identity theft pertaining to activity that predated the attack on Verkada. Past breaches allegedly associated with Kottmann have been consistent with opportunistic exploitation rather than a mission requiring sustained persistent access. The attack has been attributed to a threat actor named Tillie Kottman. Upon learning about the incident, Verkada engineers immediately triaged the attack, revoked access, and investigated data sets for indicators of compromise. Thereafter, Perkins Coie retained FireEye/Mandiant to undertake a forensic investigation to assist Perkins. Verkada engaged Perkins Coie LLP to provide legal advice regarding this incident. Within two hours, Verkada cut off the attackers’ access, and within six hours Verkada began notifying affected customers. Verkada learned of the breach on March 9 at approximately 18:00 UTC. Apart from this access, there was no other access to Verkada’s internal network, including its financial systems and other business systems. Once the attackers accessed that server, they found customer support administrator credentials and used those to log into a customer support web interface, where they accessed customer devices using internal support functionality that emulated user sessions. The attackers’ vector of entry was through a misconfigured customer support server exposed to the internet. Finally, the attackers downloaded a list of Command users (including names and email addresses but no passwords) and a list of Verkada sales orders. In total, this represents less than two percent of Verkada’s approximately 6,000 customer population. Separately, eight customers had their wifi credentials accessed. Eight of those customers had Access Control product data accessed, including badge credentials. In all, 97 customers had their cameras accessed and video or image data viewed. Executive Summaryįrom March 8-9, 2021, attackers compromised Verkada’s platform and accessed customer data, including video, for a subset of Verkada customers. This report discusses Verkada’s immediate response to the incident and what its investigation has shown regarding the extent of unauthorized access to customer data. Upon learning of a security incident on March 9, 2021, Verkada immediately undertook response and mitigation activities, which included investigation of the incident. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |