A data breach at Swedish security firm Gunnebo has compromised thousands of sensitive documents. The multinational company specializes in secure access portals and provides physical security to various clients, including banks, airports, government agencies, hospitals, and even nuclear power plants. There is no confirmation of which organizations were affected by the attack. Still, the data of high-ranked entities like the Swedish parliament, tax agency, and two German banks may have been stolen. Gunnebo reported the hack to Säpo, the country’s internal intelligence and anti-terrorism agency, after external IT forensics deduced that it was “well-organized.”
KrebsOnSecurity warned the security firm back in March that cybercriminals had managed to break into its network and then sold account credentials to a hacking group specialized in ransomware attacks. In detail, the cybercrime and computer security blog received a tip from an intelligence firm in Milwaukee called Hold Security about a financial transaction between a hacker and a cybercrime group specialized in ransomware. The transaction involved credentials to a Gunnebo Remote Desktop Protocol (RDP) account created by an employee who apparently tried to access the company’s network remotely.
On August 25, Gunnebo revealed it had thwarted a ransomware attack but had to shut down internal servers to do so. As a result, it added, the impact of the hack was minimal. However, local news agencies last week reported that around 38,000 documents were leaked on the dark web. The report said the data was published in September, with the number of people who accessed it still unknown. Gunnebo CEO Stefan Syrén said they “naturally regret” that their files made their way to the darknet, adding that “It has never been an alternative for Gunnebo to pay a ransom to have the files deleted.”
The published files include sensitive information like schematics of client bank vaults and surveillance systems, which are valuable for criminals and robbers. Weak security practices helped the hacker access the company’s system and steal documents. The password of the stolen credential was an easily-guessed “password01.”