Expert comment on Ubiquiti hiding details of data breach
March 2021 by Vectra
Comment by Gregory Cardiet, Security Engineering Director at Vectra, on the recent news that Ubiquiti did not disclose the full details of its recent data breach, according to a whistleblower who worked closely on responding to the attack:
“The whistleblower of the Ubiquiti data breach provides a damning description of the scale and effectiveness of the attack. According to the whistleblower, the attacker set up ‘several Linux virtual machines’, which is a very unusual and uncommon attack method, but is a very simple way to establish a foothold inside of an organisation. The consequences of this attack are similar to the ‘Sunburst’ attack. Once the offender has access to the infrastructure and the network management console, they have the potential to do whatever they want. Offenders are increasingly trying to access Cloud services of vendors in order to gain access to a large number of companies.
Because of this, detection capabilities on the control plane of Cloud infrastructures are becoming a must. We expect a strong rise of these types of attacks as many organisations have moved or are transitioning to AWS/Azure/GCP clouds. This attack highlights the overall risk of using a SaaS and the importance of certifications such as the SOC2 Type2 compliance.
AWS is very clear about the shared responsibility model that they provide. They are not responsible for securing the access to their service, Ubiquiti is. The overall lack of responsibility by Ubiquiti and the response provided question the trust that customers should put in their service. We can certainly expect there to be a financial impact to this attack.”