A Vietnamese self-professed ‘hacker’ couple recently wreaked havoc on Intercontinental Hotels Group (IHG) “for fun”. The couple initially planned to infiltrate the IHG network to extort money through a ransomware attack. After they were able to get into the network (quite easily – see below) – they were thwarted by the IHG tech team who started to isolate servers blocking their attack. So in retaliation, they decided instead to deploy a wiper attack. A wiper attack essentially erases data irreversibly destroying data, documents and files.
The couple (known by the moniker TeaPea) detailed their attack step by step and was not a terribly difficult hack as far as hacking attempts go. They were able to trick an employee into downloading malicious software through an email attachment (phishing) and were then able to bypass the muti-factor authentication message sent to the worker’s devices. Once in, they were able to access the company’s master password vault that was available to all 200,000 employees by using the incredibly simple password of QWERTY1234.
While they were not able to steal any customer data – they still inflicted much damage that greatly impacted IHG systems.
Lessons to be learned:
1. Teach your employees about phishing and continue to teach them
2. Install a Zero-Trust security policy that does not allow unknown programs/executables to run
3. Ensure you have hourly backups of critical systems both onsite and offsite that are not accessible from within your network
4. Sensitive data should only be available to employees who need access to it to do their daily jobs and minimum levels of access.