Maybe some of our readers are old enough to remember Avon’s catchphrase, “Avon calling!” The Avon ladies showed up at your door and rang the doorbell to sell your mother cosmetics. “Avon is Reeling.” A misconfigured cloud server at global cosmetics brand Avon was recently discovered leaking 19 million records including personal information and technical logs. Researchers at SafetyDetectives said they found the Elasticsearch database on an Azure server publicly exposed with no password protection or encryption. No comment from the Avon lady.
“The vulnerability effectively means that anyone possessing the server’s IP address could access the company’s open database,” it explained in a subsequent report. The London-headquartered firm, which boasts over US$5.5bn in annual worldwide sales, was apparently exposing the 7GB database for nine days before it was discovered on 12 June 2020.
It contained personally identifiable information (PII) on customers and employees, including full names, phone numbers, dates of birth, email and home addresses, and GPS coordinates. This is not good. Also included in the cyber haul were 40,000+ security tokens, OAuth tokens, internal logs, account settings, and technical server information. With the General Data Protection Regulation 2016/679 (GDPR) and the UK-GDPR in effect, this may amount to a significant fine for Avon.
While the PII can be leveraged to commit a wide range of identity fraud and follow-on phishing scams, the exposed technical details also pose a risk to Avon, according to SafetyDetectives. “Given the type and amount of sensitive information made available, hackers would be able to establish full server control and conduct severely damaging actions that permanently damage the Avon brand; namely, ransomware attacks and paralyzing the company’s payments infrastructure.”
In a 09 June 2020 filing with the Securities and Exchange Commission, Avon reported it had suffered a “cyber-incident in its information technology environment which has interrupted some systems and partially affected operations.” A second filing on 12 June 2020 claimed that the firm was planning a restart of its systems. “Avon is continuing the investigation to determine the extent of the incident, including potential compromised personal data,” it continued. “Nevertheless, at this point, it does not anticipate that credit card details were likely affected, as its main e-commerce website does not store that information.” It is unclear whether the incident was linked to this exposed cloud server or not.
Hackers are always adapting their methods to catch victims when they least expect it. That is why it is necessary to use a multi-layered approach to protecting systems. This includes advanced threat intelligence at the perimeter in the form of antivirus, security awareness training at regular intervals to strengthen your weakest link (users), and cloud backup to ensure you always have access to the data that fuels your business. Protect your databases with passwords or, even better, with 2-factor authentication. And call Red Sky Alliance for support.
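The exposure described above (an Elasticsearch node reachable from outside with no password protection or encryption) can be caught by auditing the node's `elasticsearch.yml` before deployment. The following is an added example, not code from the SafetyDetectives report or from Avon; the setting names are real Elasticsearch settings, the sample configs are constructed, and treating an unset security setting as a finding is an assumption made here because defaults differ between Elasticsearch versions.

```python
LOOPBACK = {"_local_", "localhost", "127.0.0.1", "::1"}
CHECKS = (  # real Elasticsearch setting names; the descriptions are ours
    ("xpack.security.enabled", "authentication"),
    ("xpack.security.http.ssl.enabled", "TLS on the HTTP API"),
    ("xpack.security.transport.ssl.enabled", "TLS between nodes"),
)

def flatten(text):
    """Flatten simple YAML (nested maps or dotted keys) to {dotted.key: value}."""
    settings, stack = {}, []  # stack: (indent, key) of currently open parent maps
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#") or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        value = value.strip().strip("\"'")
        if value:
            settings[".".join([k for _, k in stack] + [key.strip()])] = value
        else:
            stack.append((indent, key.strip()))
    return settings

def audit(text):
    """Return findings for a config; unset is treated as 'not enabled' (assumption)."""
    cfg = flatten(text)
    findings = [f"{key} is not 'true': {what} not explicitly enabled"
                for key, what in CHECKS if cfg.get(key, "").lower() != "true"]
    hosts = [h.strip(" \"'") for h in
             cfg.get("network.host", "_local_").strip("[]").split(",")]
    if findings and any(h not in LOOPBACK for h in hosts):
        findings.insert(0, "network.host reaches beyond loopback: " + ", ".join(hosts))
    return findings

# Constructed sample configs, not taken from the incident.
EXPOSED = """
network.host: 0.0.0.0
xpack.security.enabled: false
"""
HARDENED = """
network.host: _site_
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
xpack.security.transport.ssl.enabled: true
"""
print("\n".join(audit(EXPOSED)))
```

A non-loopback bind is reported only when one of the security settings is missing, so a properly secured cluster node that listens on a site-local address passes cleanly.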
Red Sky Alliance has been analyzing and documenting cyber threats for 8 years and maintains a resource library of malware and cyber actor reports.
The installation, updating, and monitoring of firewalls, cybersecurity, and proper employee training are keys to blocking attacks. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.
What can you do to better protect your organization today?
- All data in transmission and at rest should be encrypted.
- Proper data back-up and off-site storage policies should be adopted and followed.
- Join and become active in your local Infragard chapter; there is no charge for membership. www.infragard.org
- Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
- Institute cyber threat and phishing training for all employees, with testing and updating.
- Recommend/require cybersecurity software, services, and devices to be used by all at home working employees and consultants.
- Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
- Ensure that all software updates and patches are installed immediately.
Enroll your company/organization in RedXray for daily cyber threat notifications that are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network. Ransomware protection is included at no charge for RedXray customers.
Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.
Interested in a RedXray demonstration or subscription to see what we can do for you? Sign up here: https://www.wapacklabs.com/redxray
• Reporting: https://www.redskyalliance.org/
• Website: https://www.wapacklabs.com/
• LinkedIn: https://www.linkedin.com/company/64265941
Serial: TR-20-213-001
Report Date: 07312020
Country: International