{"id":4252,"date":"2019-02-12T15:58:57","date_gmt":"2019-02-12T19:58:57","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=4252"},"modified":"2019-02-12T16:00:05","modified_gmt":"2019-02-12T20:00:05","slug":"key-lessons-from-the-vfemail-incident-for-businesses","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/","title":{"rendered":"Key Lessons from the VFEmail Incident for Businesses"},"content":{"rendered":"

\"Key<\/p>\n

Today, the VFEmail incident dominates the cybersecurity discourse, adding a new layer of worry to an already anxious professional field. <\/span><\/p>\n

The VFEmail incident concerns the titular email provider; they suffered what experts and insiders describe as catastrophic data destruction at the hands of external threat actor. According to <\/span>KrebsonSecurity<\/span><\/i><\/a>, the attacker destroyed all of the provider\u2019s primary and backup data. The attacker and their motives remain unknown at time of writing.<\/span><\/p>\n

\t\t\t

\"Download<\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n

VFEmail released a statement via <\/span>Twitter<\/span><\/a>. \u201cAt this time, the attacker has formatted all the disks on every server. Every VM [virtual machine] is lost. Every file server is lost, every backup server is lost. Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.\u201d<\/span><\/p>\n

KrebsonSecurity reports VFEmail owner Rick Romero retrieved backup data for the Netherlands, but believes U.S. users\u2019 mail remains lost. <\/span><\/p>\n

What Enterprises Can Learn from the VFEmail Incident<\/b><\/h3>\n

This incident could prove devastating for VFEmail both in the short and long term; this case demonstrates the absolute worst case scenario for enterprises of all sizes. The breach remains too recent to determine the full extent of the damage to VFEmail\u2019s reputation and bottom line; however, it seems likely to be quite extensive. <\/span><\/p>\n

The VFEmail incident illustrates the importance of privileged access management for enterprises. No intruder should have acquired the permissions to delete the entirety of data for the servers; in fact, no privileged user should have had permissions to simply delete the entirety of an enterprises\u2019 data. A privileged access management solution<\/a> would have alerted their IT security team about this potentially dangerous access and helped them to curtail it to avoid such data destruction. <\/span><\/p>\n

Additionally, while we cannot speculate on the authentication methods used to protect the email provider\u2019s servers, multifactor authentication would have helped prevent an external threat actor from penetrating so far into the network. A privileged access management solution would have helped to install multifactor authentication, especially on key databases.<\/span><\/p>\n

Moreover, a PAM solution could have allowed VFEmail to install granular authentication protocols\u2014authentication which scales with the sensitivity of the access request and the data protected. This could have deterred the intruder and provided sufficient time for the internal security team to detect the threat. <\/span><\/p>\n

Finally, privileged identity solutions<\/a> allow for the monitoring of user behavior connected to privileged accounts. If a super-user begins to act suspiciously while making sensitive access requests, PAM could send a security alert and work with other applications to prevent further access until the activities\u2019 legitimacy could be determined. \u00a0\u00a0\u00a0<\/span><\/p>\n

Experts Weigh in on the VFEmail Incident<\/b><\/h3>\n

We consulted with identity security and cybersecurity experts for their take on the VFEmail incident. Here\u2019s what they recommend for your enterprise: \u00a0<\/span><\/p>\n

Fausto Oliveira, Principal Security Architect at<\/b> Acceptto<\/b><\/a>:<\/b><\/span><\/h3>\n

\u201cThis attack left VFEmail, and some of their customers, without access to their information. This raises questions of what disaster recovery strategy was in place and why data wasn’t backed up into cold storage, thus making it unavailable to attackers. If they had a strategy in place, they should be able to recover at least a substantial part of their customers’ data.\u201d<\/span><\/p>\n

\u201cThe fact that attackers were able to access and erase all the information demonstrates that the systems were not protected in an effective way. Critical systems, such as these that host customer data, must be protected with enhanced security and all operations must be protected using intelligent Multi-Factor Authentication solutions. If those controls were in place, an operation that deviates from trusted behavior would have raised the friction towards the attackers and provide immutable logs showing that the attack was in progress, allowing VFEmail to react quickly and potentially stop the breach before data was destroyed.\u201d<\/span><\/p>\n

Chris Morales, Head of Security Analytics at<\/b> Vectra<\/b><\/a>:<\/b><\/span><\/h3>\n

“This kind of destructive attack, with no stated motive or demands, is quite rare. An organization losing all of their data, and all of their customer data, is a nightmare scenario that could easily put a small company out of business and cause a huge financial impact on a large enterprise. Sony suffered this type of catastrophic destruction in 2014, which was attributed to North Korea.\u201d<\/span><\/p>\n

\u201cThe first thought that comes to mind is this is a service being sold as a secure email. The second is that if this is secure email then where are the offline backups and archives? Offline backups might not give a full restore to the exact date data was lost, but it would prevent the complete loss of all historical user data.\u201d<\/span><\/p>\n

\u201cOffline backup is the same strategy organizations are using to counter loss from ransomware.”<\/span><\/p>\n

Praveen Jain, Chief Technology Officer at<\/b> Cavirin<\/b><\/a>:<\/b><\/span><\/h3>\n

“Given the types of increasingly common attacks, sometimes without any obvious motive, it is imperative that organizations take all possible precautions to ensure their cyber posture. \u00a0This includes air-gapped backups and better training of employees so they don\u2019t become an attack vector.\u201d <\/span><\/p>\n

\u201cIn the case of VFEmail, for better or for worse, we may see some of the same user behavior changes as with lesser-known cloud providers that have had breaches, where they migrate to the Tier-1 providers for perceived safety.”<\/span><\/p>\n

Terence Jackson, Chief Information Security Officer at<\/b> Thycotic<\/b><\/a>:<\/b><\/span><\/h3>\n

“This type of attack highlights the significance of having, updating and testing your disaster recovery\/business continuity plans frequently and using an established Privileged Access Management solution.\u201d <\/span><\/p>\n

\u201cThe about page on the website shows a network diagram that includes an offsite backup server attached to the public internet. At this point, I believe we still have more questions than answers.\u201d <\/span><\/p>\n

\u201cHowever, I do believe that the owner gave us a nugget as to how the compromise occurred. Rick Romero stated \u2018This was more than a multi-password via ssh exploit.\u2019 So, was this simply a Brute Force attack? Credential Stuffing? \u00a0Based on his statement, perhaps. Nevertheless, there are some good best practice takeaways from this incident:<\/span><\/p>\n

    \n
  1. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Develop and test your Disaster Recovery Plan.<\/span><\/li>\n
  2. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Don\u2019t store production and backup data together..<\/span><\/li>\n
  3. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Have online and offline backups.<\/span><\/li>\n
  4. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Use Privilege Access Management solutions to automatically rotate your passwords and ssh keys.<\/span><\/li>\n
  5. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Patch, Patch, Patch.\u201d<\/span><\/span><\/span> \n


    Widget not in any sidebars
    <\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

    Today, the VFEmail incident dominates the cybersecurity discourse, adding a new layer of worry to an already anxious professional field. The VFEmail incident concerns the titular email provider; they suffered what experts and insiders describe as catastrophic data destruction at the hands of external threat actor. According to KrebsonSecurity, the attacker destroyed all of the […]<\/p>\n","protected":false},"author":41,"featured_media":3663,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[1031,142,125,995,16,112,76,30,124,123,90,25,89,1030,1050,1051],"acf":[],"yoast_head":"\nKey Lessons from the VFEmail Incident for Businesses<\/title>\n<meta name=\"description\" content=\"The VFEmail incident dominates the cybersecurity discourse, adding a new layer of worry to an already anxious professional field.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/\",\"name\":\"Key Lessons from the VFEmail Incident for Businesses\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg\",\"datePublished\":\"2019-02-12T19:58:57+00:00\",\"dateModified\":\"2019-02-12T20:00:05+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"The VFEmail incident dominates the cybersecurity discourse, adding a new layer of worry to an already anxious professional field.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"Nintendo Breach: What to Know and Expert Commentary\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Key Lessons from the VFEmail Incident for Businesses\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer's Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Key Lessons from the VFEmail Incident for Businesses","description":"The VFEmail incident dominates the cybersecurity discourse, adding a new layer of worry to an already anxious professional field.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/","url":"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/","name":"Key Lessons from the VFEmail Incident for Businesses","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg","datePublished":"2019-02-12T19:58:57+00:00","dateModified":"2019-02-12T20:00:05+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"The VFEmail incident dominates the cybersecurity discourse, adding a new layer of worry to an already anxious professional field.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg","width":800,"height":400,"caption":"Nintendo Breach: What to Know and Expert Commentary"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/key-lessons-from-the-vfemail-incident-for-businesses\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Key Lessons from the VFEmail Incident for Businesses"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer's Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4252"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=4252"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4252\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/3663"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=4252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=4252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=4252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}