cageymaru

Dell has announced that its cybersecurity team foiled an unauthorized intrusion into its network that attempted to extract Dell.com customer information, limited to names, email addresses and hashed passwords. The Dell security team stopped the hackers by immediately implementing countermeasures. Dell also hired a digital forensics firm to conduct an independent investigation and notified law enforcement. Although the investigation concluded that no customer information was taken or sensitive data targeted, Dell took the extra step of proactively resetting Dell.com customer passwords to further protect customer data. Thanks Schtask!

We are committed to doing everything possible to protect our customers' data. Dell will continue to invest in our information technology networks and security to detect and prevent the risk of unauthorized activity.
 
They did require me to change my password a couple days ago, so if this is just PR, they planned it well.
 
Hmmm, a company that went private spends enough to actually be able to prevent shit like this, while countless massive public companies have had breaches, probably because they think of IT as only an expense.
 
Hmmm, a company that went private spends enough to actually be able to prevent shit like this, while countless massive public companies have had breaches, probably because they think of IT as only an expense.

I don't think it has to do with private vs public. I know plenty of public companies that employ similar protections. Also, Dell is going public again.
 
 
Someone give that Dell PR guy a raise. With all of the negative press about constant hacks and data loss this sounds amazing. The sceptic in me says, easy to fake, impossible to disprove, great PR!
Hehe. Let's spin this intrusion, born of lackluster policy and incompetence, into a heroic victory!
 
Interesting to contrast how quickly Dell made a public announcement with how quickly Atrium Health made one.
 
This is news.
This is news because usually we only hear about this kind of thing after 1000s of personal details have been stolen by hackers. Kudos to Dell for taking proactive action and protecting its customers.
 
Interesting to contrast how quickly Dell made a public announcement with how quickly Atrium Health made one.

Different companies with different types of data and in different scenarios. The more important the information, the greater the penalty for the crime, the more likely a company is going to delay so they can try and catch the criminal. If they immediately report the breach, the criminal knows they are onto them and is more likely to start covering their tracks.
 
Doubt it, as it is fairly easy to change and/or mask the IP. Likely they created a fingerprint to filter traffic and blocked based on the signature of that fingerprint.

Not sure if you're trying to impress anyone or just giving security professionals way too much credit lol
 
My guess is they saw an unusual spike in failed login attempts to a database, database sent out an alert email of this condition to the IT team. Team turned off the database quickly just in case. Big PR celebration.
 
My guess is they saw an unusual spike in failed login attempts to a database, database sent out an alert email of this condition to the IT team. Team turned off the database quickly just in case. Big PR celebration.

I was thinking similar but even more cynical. Several failed login attempts, account automatically locked by policies, notification sent to admin. Admin googles incoming IP to a Chinese ISP, lets everyone know he successfully foiled Chinese hackers.
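The scenario the two posts above describe (a burst of failed logins trips a lockout policy and an alert to the admin) is simple enough to show as code. This is an added example, not anything from the thread or from Dell: a small detector that reads constructed auth-log lines in a made-up format, locks an account after a per-account failure threshold inside a sliding window, and also raises a per-source alert. The second check goes a little beyond the post: it catches a source that spreads its failures across many accounts (password spraying), which a per-account lockout alone never sees. Format, thresholds, user names and the RFC 5737 documentation IPs are all constructed.

```python
"""Failed-login spike detector with account lockout and per-source alerting.

Added example, not from the thread. The log format below is invented for
this example; real systems would parse their own auth logs instead.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed line format: "<iso-timestamp> auth FAIL|OK user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


@dataclass
class Policy:
    window: timedelta = timedelta(minutes=5)  # sliding window for counting
    lock_after: int = 5        # failures for one account inside window -> lock
    alert_src_after: int = 20  # failures from one source inside window -> alert


@dataclass
class Detector:
    policy: Policy = field(default_factory=Policy)
    user_fail: dict = field(default_factory=lambda: defaultdict(deque))
    src_fail: dict = field(default_factory=lambda: defaultdict(deque))
    locked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)  # (kind, user, src, ts)

    def _prune(self, q, now):
        # Drop timestamps that have fallen out of the sliding window.
        while q and now - q[0] > self.policy.window:
            q.popleft()

    def feed(self, line):
        """Process one log line; returns 'ok', 'fail', 'locked' or None."""
        m = LINE_RE.match(line.strip())
        if not m:
            return None  # malformed line: skip rather than crash the pipeline
        ts = datetime.fromisoformat(m["ts"])
        user, src, result = m["user"], m["src"], m["result"]
        if user in self.locked:
            # A locked account rejects even a correct password until an
            # admin unlocks it; the attempt is still worth alerting on.
            self.alerts.append(("locked_account_attempt", user, src, ts))
            return "locked"
        if result == "OK":
            self.user_fail[user].clear()  # success resets the account counter
            return "ok"
        uq = self.user_fail[user]
        uq.append(ts)
        self._prune(uq, ts)
        sq = self.src_fail[src]
        sq.append(ts)
        self._prune(sq, ts)
        if len(uq) >= self.policy.lock_after:
            self.locked.add(user)
            self.alerts.append(("account_locked", user, src, ts))
            return "locked"
        if len(sq) == self.policy.alert_src_after:
            # Fires once when a single source crosses the threshold, even if
            # every failure hit a different account (spray pattern).
            self.alerts.append(("source_spike", None, src, ts))
        return "fail"


def run(lines, policy=None):
    """Feed all lines through a fresh Detector and return it for inspection."""
    det = Detector(policy or Policy())
    for line in lines:
        det.feed(line)
    return det


# Constructed sample: one account hammered, then a correct password after the
# lock, plus a second account whose failures are too far apart to matter.
SAMPLE_LOG = """\
2018-11-28T10:00:00 auth FAIL user=alice src=203.0.113.7
2018-11-28T10:00:05 auth FAIL user=alice src=203.0.113.7
2018-11-28T10:00:09 auth FAIL user=alice src=203.0.113.7
2018-11-28T10:00:14 auth FAIL user=alice src=203.0.113.7
2018-11-28T10:00:20 auth FAIL user=alice src=203.0.113.7
2018-11-28T10:00:25 auth OK user=alice src=203.0.113.7
2018-11-28T10:00:30 auth FAIL user=bob src=198.51.100.9
2018-11-28T10:10:00 auth FAIL user=bob src=198.51.100.9
this line is not in the expected format
"""


def spray_lines():
    """Constructed spray: one source, one failure each against 20 accounts."""
    return [
        f"2018-11-28T11:00:{i:02d} auth FAIL user=user{i} src=192.0.2.50"
        for i in range(20)
    ]


if __name__ == "__main__":
    for det in (run(SAMPLE_LOG.splitlines()), run(spray_lines())):
        for kind, user, src, ts in det.alerts:
            print(f"{ts.isoformat()} {kind} user={user} src={src}")
```

Running the sample log locks alice on the fifth failure and flags her later successful password as an attempt against a locked account, while bob's two failures ten minutes apart never reach the threshold. The spray input locks nobody, which is exactly why the per-source counter exists.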
 
This should be expected of an IT company, especially one who played in the Network Security space (Dell used to own Sonicwall.) Dell also still has a strong relationship with Sonicwall so I'd be worried if someone got in...
 
Impress anyone with what? This is common practice for perimeter security these days.

They clicked on an event on their WAF and then clicked again to add the signature to the blocking behavior. Regardless of platforms I'm estimating up to 6 clicks lol. That's it. Again, Yippppeeeeeee.
 
They clicked on an event on their WAF and then clicked again to add the signature to the blocking behavior. Regardless of platforms I'm estimating up to 6 clicks lol. That's it. Again, Yippppeeeeeee.

Maybe, maybe not. Might have been that the system they used created its own signature and automatically blocked it with nobody clicking anything. But even if they clicked on an event, something was using a special algorithm to generate an alert that matched that attack. In either case, that is far more than just blocking an IP, as blocking an IP rarely does too much, and in fact, can end up hurting by blocking a lot of good traffic.

Also to find something like this where it is actually finding activity which is stealing data, they probably used deep packet inspection. They matched that to other various activity alerts and generated a countermeasure specifically for that activity. So more than just using a WAF.

As for it being big news, I see this kind of thing done quite a bit, but probably not something most people are aware of. Most of the time companies do not even put out a notice when they successfully block an attack. In this case it is likely Dell doing CYA just in case some data was taken.
 