Akorn Database for the Highest Bidder: Hacker Holds Pharma Data Auction
A Lake Forest, IL, pharmaceutical company has discovered its cybersecurity defenses were not as impregnable as thought. A hacker has managed to infiltrate the customer database of Akorn Inc., and has stolen over 50,000 records. Those records have been offered online to the highest bidder, or will be given back to Akorn if the price is right.
In spite of outward appearances, the attack does not appear to be financially motivated; instead the hacker has claimed that the cyberattack was staged to “teach them a lesson in security.”
Hacker Claims Responsibility for the Attack
Earlier this week a known hacker, operating under the name “Mufasa,” made an offer via the dark web to sell the data appropriated in the Akorn cyberattack. Along with that offer was a selection of the data confirming the authenticity of the offer. The hacker is the same person who claimed responsibility for the huge iiNet ISP data breach in Australia earlier this month.
The hacker is known for using SQL Injection to exploit security vulnerabilities, and according to Salted Hash, the same technique was used to gain access to Akorn’s database. Salted Hash reached out to the hacker and initiated a conversation in which it was informed that “Every PHP file on their website was vulnerable.”
Akorn has responded promptly to the threat and has started issuing breach notifications to all individuals affected by the data breach. They are being informed that their names, email addresses, usernames and passwords have been exposed along with their business address. No Social Security numbers appear to have been compromised; however, the database did contain unique Drug Enforcement Agency (DEA) Identification Numbers. These unique numbers are issued by the DEA and are used as identifiers for individuals allowed by law to supply narcotics.
High Risk of Spear Phishing
The probability of the data being used to obtain narcotics is relatively low. The DEA is aware which ID numbers have been compromised, and even if this were not the case, prescriptions are closely monitored. The main risk is from spear phishing.
Spear phishing is a highly effective method of infiltrating computer networks. A hacker does not need to break through complex multi-layered security systems, and does not require the technical skill needed for SQL injections. With the information stored in the customer database, a highly convincing spear phishing campaign could be launched. With detailed information on healthcare providers, phishing campaigns could prove highly effective and could potentially allow criminals to gain access to even larger stores of data.
According to Salted Hash, the hacker has received some offers from individuals interested in the data but a decision to sell has not been made, and the hacker appears to be reluctant to disclose the information. It was confirmed that this is not a financially motivated attack, although the data may still be sold “if someone were to offer the right price.”
According to Mufasa, “if Akorn wanted to purchase the data back, the price is $5,000 USD,” hardly a princely sum for a company that splashed out $640 million on the purchase of Hi-Tech Pharmacal in 2013.
As Mufasa told Salted Hash, “[Akorn spent] 640 mil on buying a company and they couldn’t invest in some [website] security.”
The stolen customer database contains highly sensitive information, yet it was not encrypted, with Mufasa saying “they had no security whatsoever.”