Threat Watch

Yevgeniy Nikulin Found Guilty of LinkedIn, Dropbox, and Formspring Breaches

Peace_of_Mind: Russian citizen Yevgeniy Nikulin, aka Peace_of_Mind and Peace, stood trial this week in California for the breaches of LinkedIn, Dropbox, and Formspring. All three breaches took place in the spring of 2012, and Nikulin was arrested in Prague in 2016. Together, the three breaches resulted in over 200 million user credentials being harvested, and Nikulin is suspected of being involved in even more compromises. Throughout the trial, the judge overseeing the case called the prosecution’s methods into question. Despite this, the jury returned a guilty verdict after only six hours of deliberation.

ANALYST NOTES

The three breaches have continued to be a significant security issue for organizations around the world despite being eight years old. In all three cases, the compromises began with phishing attacks against employees at each of the three companies. After infecting employee laptops with malware, Nikulin abused those employees’ access and VPNs to exfiltrate data from the victims’ corporate networks. Credentials from all three breaches continue to be used by criminals in password spraying attacks against users of all kinds, from employees of corporations to major public figures.

Relying on a VPN to control remote access to corporate networks often creates a false sense of security. While it does limit access to trusted devices, it does little to defend against trusted devices that have been compromised, which is what happened in the case of these three companies. Endpoint Detection and Response (EDR) can help ensure that individual devices, including employee laptops, are monitored for compromise so that they can be blocked and remediated before an attacker can exploit an employee’s access.

Following major compromises, it is vital that potential victims change their passwords and use complex and unique passwords, not only on the affected accounts but also on any other systems where they may have used a similar password. Multi-Factor Authentication (MFA) is still the best way to secure accounts from unauthorized access.

More information on this incident can be found at https://www.zdnet.com/article/russian-hacker-found-guilty-for-dropbox-linkedin-and-formspring-breaches/