NTT Communications, a Japanese-based systems integration company, has announced that they were the victim of a data breach that compromised both their construction information management server and their Active Directory server, impacting 621 customers.
Now, with the BIG breaches that we have grown used to, impacting millions of users, 621 may not sound like all that much, really… But cyber security experts warn that there could be a ripple effect with NTT’s supply-chain partners, considering the fact that its parent company, Nippon Telegraph and Telephone Corp. is actually a the LARGEST telecom company in Japan, meaning it is also one of the largest Telecoms on the globe.
The company announced that they were compromised on May 7, and the breach was discovered four days later. It has been remedied, and they are in the process of contacting those who may have been affected, while also taking the steps necessary to insure this doesn’t occur again in the future.
The did not, however, disclose what was stolen and/or compromised, and they also did not disclose how the virus was able to spread along the network, but there are rumblings in the media that the compromised data may have included one of Japan’s military branches; specifically the Japan Self-Defense Forces.
The breach first came to NTT Communications’ awareness when there was suspicious activity detected on the Active Directory server, when the hackers decided to hone in on a cloud server that was connected with operations in Singapore, though they have been tight-lipped about what method was used to breach the server. What we do know, however, is that after the successful attack, the cyber criminals were able to compromise other intercompany servers, including the aforementioned construction-information management server… but again, we don’t know how. It is possible they have not yet discovered how that happened, but what they do know, or at least think they know, is that the construction-information management server was the server they utilized to contact and ultimately steal files stored on the cloud.
In addition to the stolen files, NTT found and then blocked the websites used by the hackers to communicate with the malicious software they installed on the server. The investigation is ongoing, however, as is their attempts to beef up their cyber security.
While on the outside this may not appear to be too bad, there are serious concerns over how this may ultimately play out, considering the fact that the Active Directory server was actually developed by Microsoft for use in Windows domain networks, because if the attackers were able to give themselves admin access, then NTT might have to rebuild their Active Directory from scratch.
In addition, we don’t know yet if NTT’s supply chain was compromised in anyway, and it will take some time to discover if it is the case.
Have you been compromised?
If you have discovered that your business was the victim of a cyber attack, it’s important to stop what you are doing and contact a cyber security digital forensics specialist as soon as possible, because if you don’t, you could compromise your data even further. Feel free to contact us at 919-422-2607, or schedule an appointment, free online.