“We noticed anomalous behaviour in one of our environments through our security controls and policies,” Accenture said in a statement. “The problem was quickly contained, and the impacted servers were isolated. Our damaged systems were entirely recovered from backup. Accenture’s operations and our clients’ systems were unaffected.”
Over the last week, there has been a lot of confusion surrounding the Accenture security incident, with the company mostly remaining silent on the details.
However, a few tidbits of information have begun to emerge.
For example, Tim Starks of CyberScoop reported on Thursday that the attackers, LockBit 2.0, had started leaking some of the data they had stolen. According to Hudson Rock, a cybercrime intelligence data provider, 2,500 staff and partner systems were compromised.
Starks also cited an Accenture internal memo stating that the company became aware of the security breach on July 30.
“While the attackers were able to obtain certain papers that referenced a small number of clients and certain work items we had produced for clients,” the note reportedly added.
Accenture isn’t alone; Cyble announced on Monday that LockBit had attacked five additional companies in the previous 24 hours.
In a statement, Eleanor Barlow, content manager at SecurityHQ, said, “LockBit attacks are recognised for their ability to encrypt Windows domains by leveraging Active Directory group settings.”
Following a similar attack, the University of California, San Francisco also spent $1.14 million to decrypt files, noting the relevance of the information to “some of the intellectual work we conduct as a university serving the public good.”
A panel of security professionals debated the matter at HIMSS21 this week.
“Think about the criteria you’ll use to make that judgement, rather than having a definite ‘always’ or ‘never,’” urged retired Admiral Michael S. Rogers, former head of the National Security Agency and former commander of the United States Cyber Command.