Accenture Confirms Data Breach After August Ransomware Attack

Billion-dollar tech firm Accenture was said to be downplaying an apparent ransomware attack announced by the LockBit ransomware group. The IT giant was listed on LockBit's leak website; it was noted that the data came from an "insider," but there was no disruption to operations or client services.

Published: October 20, 2021 By Ozair Malik

The LockBit ransomware gang claimed to have demanded a $50 million ransom and to have stolen 6TB of data. The company, on the other hand, had not publicly acknowledged the data breach outside of SEC filings.

News of the ransomware attack was included in the company's financial report for the fourth quarter and full fiscal year on August 31, 2021.

"In the past, we have experienced, and in the future, we may again experience, data security incidents resulting from unauthorized access to our service providers' systems and unauthorized acquisition of our data and our clients' data, including inadvertent disclosure, misconfiguration of systems, phishing ransomware or malware attacks. Moreover, our clients experienced, or may experience in the future, breaches of systems and cloud-based services enabled by or provided by us," reads the financial report published by Accenture.

Ransomware Group Threatens to Leak Stolen Data

Dated: August 10, 2021

LockBit 2.0, a known ransomware group, threatened to publish stolen data files after breaching Accenture, the well-known billion-dollar technology company. Following the attack, the gang further blackmailed Accenture in case the ransom was not paid on time.

They claimed to be willing to sell the sensitive data to interested parties, without showing any proof of the stolen data whatsoever.

"These people are beyond privacy and security. I hope their services are better than what I saw as an insider. If you want to buy some databases, reach us," states LockBit on their data leak site.

Dated: September 1, 2021

In an interview, Accenture claimed that it had identified the irregular activity through its security controls and protocols, contained the matter immediately, and isolated the affected servers.

The company further claimed to have restored its affected systems from backups and that there was no impact on clients' systems or other operations.

6TB of Files Stolen, $50 Million Ransom Demand

A research team confirmed that the LockBit ransomware gang claimed to have stolen six terabytes of data files from Accenture and was said to be demanding a ransom of around $50 million.

Additionally, sources familiar with the attack reported that Accenture had confirmed the ransomware attack to the IT services provider and at least one CTI vendor, and was in the process of informing more customers.

Hudson Rock, a cybercrime intelligence firm, shared that Accenture had about 2500 compromised computers associated with partners and employees.

The Government's Warning

Earlier that week, in August 2021, the Australian Government had warned of intensified LockBit 2.0 ransomware attacks.

The group had been observed actively recruiting insiders at companies it planned to breach, in exchange for millions of dollars as a reward.

LockBit 2.0 Recent Targeting by Industry

Image Source - hajevcgroup.com

LockBit Gang Leaks Bangkok Airways Data

Dated: August 23, 2021

Bangkok Airways, a major airline in Thailand, confirmed that earlier in the month of September 2021 it had been the victim of a cyberattack that compromised passengers' data.

The LockBit ransomware gang had posted a message on its leak website claiming the breach and threatening to publish the company's stolen data unless, of course, the demanded ransom was paid.

It is worth noting here that LockBit is the same gang that breached Accenture, the global IT consultancy giant, demanding $50 million to stop the leak of the alleged 6TB of stolen data files.

Sources confirmed that LockBit had collected sufficient data to have affected and breached client systems.

Passenger Data Leaked

LockBit leaked more than 200GB of data belonging to the Thai company, indicating that the security of the company's systems was at odds with the airline's claims to protect the privacy of its customers. The attack was discovered on August 23, 2021, and the necessary measures were taken to contain the incident. An investigation was also begun to retrieve and check the breached data.

The hackers were said to have accessed passengers' data rather than attacking Bangkok Airways' operational or aeronautical security systems. The breached data included passport information, physical addresses, credit card information, names, nationality, phone numbers, and other such details.

The airline further warned customers that the attackers might pose as company representatives to obtain more personal information, such as credit card details.

Focus on Accenture Customers

"Commercial and professional services, as well as the transportation sector, is also highly targeted by the LockBit group," Prodaft said.

Before hitting Bangkok Airways, the LockBit ransomware gang breached the systems of another airline, Ethiopian, and stole its data. Both of these attacks were carried out after LockBit had compromised Accenture's systems.

Further, it came to light that the Accenture breach had given the gang access to sensitive credentials, which in turn enabled access to the company's customers. An airport using Accenture software and systems fell victim to another attack.

LockBit RaaS

Dated: June 3, 2021

LockBit ransomware-as-a-service (RaaS), an increasingly popular business model in which a gang writes and distributes its malware, has been in action since around September 2019. The latest version, which emerged in June 2021 and is known as version 2.0, has been used in more than 70 attacks against organizations all over the globe, indicating a stronger RaaS operation.

Announcement of LockBit 2.0

Around January 2020, LockBit was found advertising its affiliate program on a Russian-speaking forum known as XSS. The RaaS gang had been seen using the same platform before to advertise its malware and hunt for new affiliates.

The Australian Cyber Security Centre

Dated: August 6, 2021

The Australian Cyber Security Centre published an advisory noting that the LockBit ransomware group had relaunched and escalated its attacks after a short break. To gain access to specific victims, group members were searching for and exploiting existing vulnerabilities in Fortinet FortiOS and FortiProxy products.

"The ACSC is aware of numerous incidents involving LockBit and its successor 'LockBit 2.0' in Australia since 2020. The majority of victims known to the ACSC have been reported after July 2021, indicating a significant and sharp increase in domestic victims in comparison to other tracked ransomware variants," the release added.

Downplaying an Alleged Ransomware Attack

In a statement, the Accenture spokesperson downplayed the August 2021 attack, claiming it had little to no impact on the company's expenditures.

Accenture brought in more than $40 billion in revenue in 2020 and has approximately 550,000 employees in multiple countries across the globe.

"Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from back up," the company said. "There was no impact on Accenture's operations or our clients' systems."

Accenture refused to answer any questions about whether the attack was an insider attack and when the incident took place. Similar questions were raised about the amount of data taken during the attack, how unlikely an Accenture insider would be, and how easy or difficult it would be to trace the intrusion.

In a report, the company further said it had found that 54% of all ransomware or fraud victims were companies with annual revenues between $1 billion and $9.9 billion.

During the fourth quarter of fiscal 2021, we identified irregular activity in one of our environments, which included the extraction of proprietary information by a third party, some of which was made available to the public by the third party.

Accenture Confirms Data Breach

Dated: October 16, 2021

As previously mentioned, Accenture refused to acknowledge that the LockBit ransomware attack had caused the company serious problems or severe data breaches. It came to light that the company was indeed under serious threat.

It was still known that Accenture had confirmed the ransomware intrusion to at least one cyber threat intelligence vendor.

Since the company has allegedly not yet notified relevant authorities or made anything public about the data breach outside of its SEC filings, we can conclude that the stolen information did not contain personally identifiable information (PII) or protected health information (PHI). Had that been the case, regulatory notification requirements would have been triggered, and there would have been a great uproar among Accenture's many well-known clients.

Tips to be Safe

To stay protected and reduce the threat of cybercrimes, let us look at some tips:

  • Be aware of cyber-related crimes and warnings.
  • Be smart! The chances of getting scammed by people online are increasing day by day.
  • Limit the sharing of personal information online, even with known parties.
  • Before you accept or allow policies and cookies on unknown websites, make sure to go through them.
  • Be careful when opening random links, requests, or posts.
  • 2-factor authentication is the way to go!
  • Carefully go through the conditions and settings before making your device vulnerable.
  • Responding to spam emails and downloading unauthorized links and apps can cause problems.
  • Configure your devices with PINs, facial recognition, fingerprints, etc.
  • Ensure adequate protection is enabled on your device.

Conclusion

Over time, cybercriminals have gained more and better opportunities for exploitation; along with the existing attacks, new types of fraud are appearing in the cyber world.

Every organization operating today is exposed and prone to cybercrime, which has created unending opportunities for cybercriminals.

Author
Ozair Malik
A passionate Cyber Security researcher and writer with a keen interest in Digital Forensics. A community worker running an insta blog to raise cybersecurity awareness among laymen.
